Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tar project tar vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2018-20835
A vulnerability was found in tar-fs prior to 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file co...
Tar-fs Project Tar-fs
27 Github repositories
5.8
CVSSv2
CVE-2021-32803
The npm package "tar" (aka node-tar) prior to 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is no...
Tar Project Tar
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.0
Siemens Sinec Infrastructure Network Services
5.8
CVSSv2
CVE-2021-32804
The npm package "tar" (aka node-tar) prior to 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into ...
Tar Project Tar
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.0
Siemens Sinec Infrastructure Network Services
1 Github repository
5
CVSSv2
CVE-2022-25358
A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar prior to 0.0.4. Attackers can only list directories (not read files). This occurs because the safe-path? Scheme predicate is not used for directories.
Awful-salmonella-tar Project Awful-salmonella-tar
5
CVSSv2
CVE-2021-32841
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that `destDir` ends with slash. If the `destDir` is not slash t...
Sharpziplib Project Sharpziplib
5
CVSSv2
CVE-2021-32842
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that `_baseDirectory` ends with slash. If the _baseDirectory ...
Sharpziplib Project Sharpziplib
5
CVSSv2
CVE-2021-38511
An issue exists in the tar crate prior to 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.
Tar Project Tar
4.3
CVSSv2
CVE-2018-11496
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation.
Long Range Zip Project Long Range Zip 0.631
Debian Debian Linux 9.0
2 Github repositories
4.3
CVSSv2
CVE-2007-3645
archive_read_support_format_tar.c in libarchive prior to 2.2.4 allows user-assisted remote malicious users to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (...
Freebsd Libarchive
4.3
CVSSv2
CVE-2007-3644
archive_read_support_format_tar.c in libarchive prior to 2.2.4 allows user-assisted remote malicious users to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TA...
Freebsd Libarchive
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »