Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tar project tar vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2021-32840
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior to version 1.3.3, a TAR file entry `../evil.txt` may be extracted in the parent directory of `destFolder`. This leads to arbitrary file write that may lead to code execution. The vulnerability was patched in ve...
Sharpziplib Project Sharpziplib
890
VMScore
CVE-2015-0857
Cool Projects TarDiff allows remote malicious users to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file.
Tardiff Project Tardiff -
Debian Debian Linux 8.0
890
VMScore
CVE-2021-38197
unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive.
Go-unarr Project Go-unarr 0.1.1
633
VMScore
CVE-2021-20291
A deadlock vulnerability was found in 'github.com/containers/storage' in versions prior to 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected ...
Storage Project Storage
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
605
VMScore
CVE-2016-3180
Tor Browser Launcher (aka torbrowser-launcher) prior to 0.2.4, during the initial run, allows man-in-the-middle malicious users to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signatur...
Tor Browser Launcher Project Tor Browser Launcher 0.2.3
187
VMScore
CVE-2015-0858
Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.
Debian Debian Linux 8.0
Tardiff Project Tardiff -
445
VMScore
CVE-2021-32841
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that `destDir` ends with slash. If the `destDir` is not slash t...
Sharpziplib Project Sharpziplib
445
VMScore
CVE-2021-32842
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that `_baseDirectory` ends with slash. If the _baseDirectory ...
Sharpziplib Project Sharpziplib
578
VMScore
CVE-2021-21251
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical "zip slip" vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint untars user controlled data from the request body using TarUtils. TarU...
Onedev Project Onedev
606
VMScore
CVE-2022-21675
Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Versions of the package before 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction (AKA "Zip Slip"). The vulnerability is exploited using a specially crafted archive that holds directory...
Bytecode Viewer Project Bytecode Viewer
3 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »