Vulmon
tar vulnerabilities and exploits
7.5
CVSSv3
CVE-2018-12476
Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUS...
Suse Obs-service-tar Scm
7.5
CVSSv3
CVE-2019-9923
pax_decode_header in sparse.c in GNU Tar prior to 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
Gnu Tar
Opensuse Leap 15.0
7.5
CVSSv3
CVE-2016-10173
Directory traversal vulnerability in the minitar prior to 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote malicious users to write to arbitrary files via a .. (dot dot) in a TAR archive entry.
Minitar Archive-tar-minitar
Minitar Minitar
5.5
CVSSv3
CVE-2022-48303
GNU Tar up to and including 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime h...
Gnu Tar
Fedoraproject Fedora 37
Fedoraproject Fedora 38
8.6
CVSSv3
CVE-2021-37713
The npm package "tar" (aka node-tar) prior to 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is no...
Npmjs Tar
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.0
Siemens Sinec Infrastructure Network Services
4.7
CVSSv3
CVE-2018-20482
GNU Tar up to and including 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different u...
Gnu Tar
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.0
7.1
CVSSv3
CVE-2021-32610
In Archive_Tar prior to 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
Php Archive Tar
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
NA
CVE-2007-4829
Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and previous versions allows user-assisted remote malicious users to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.
Archive Tar Project
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 8.10
NA
CVE-2005-1918
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted malicious users to overwrite arbitrary files via a crafted tar file, probably involving &q...
Gnu Tar 1.13.25
Redhat Enterprise Linux 2.1
Redhat Enterprise Linux Desktop 3.0
Redhat Linux Advanced Workstation 2.1
Redhat Enterprise Linux 3.0
8.6
CVSSv3
CVE-2021-37701
The npm package "tar" (aka node-tar) prior to 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. Thi...
Npmjs Tar
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Graalvm 20.3.3
Oracle Graalvm 21.2.0
Siemens Sinec Infrastructure Network Services