Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
archive tar project vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2007-4829
Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and previous versions allows user-assisted remote malicious users to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.
Archive Tar Project
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 8.10
6.4
CVSSv2
CVE-2018-20990
An issue exists in the tar crate prior to 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive.
Tar Project Tar
5
CVSSv2
CVE-2021-38511
An issue exists in the tar crate prior to 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.
Tar Project Tar
6.8
CVSSv2
CVE-2007-4131
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote malicious users to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
Gnu Tar 1.13
Gnu Tar 1.13.5
Gnu Tar 1.13.11
Gnu Tar 1.13.14
Gnu Tar 1.13.16
Gnu Tar 1.13.17
Gnu Tar 1.13.18
Gnu Tar 1.13.19
Gnu Tar 1.13.25
Gnu Tar 1.14
Gnu Tar 1.14.90
Gnu Tar 1.15
Gnu Tar 1.15.1
Gnu Tar 1.15.90
Gnu Tar 1.15.91
Gnu Tar 1.16
6.4
CVSSv2
CVE-2018-12015
In Perl up to and including 5.26.2, the Archive::Tar module allows remote malicious users to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 18.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Perl Perl
Archive Tar Project
Apple Mac Os X
Netapp Snap Creator Framework -
Netapp Data Ontap Edge -
Netapp Snapdrive -
Netapp Oncommand Workflow Automation -
7.5
CVSSv2
CVE-2007-4476
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
Gnu Tar
Debian Debian Linux 3.1
Debian Debian Linux 4.0
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 6.06
1 EDB exploit
10
CVSSv2
CVE-2021-38197
unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive.
Go-unarr Project Go-unarr 0.1.1
7.1
CVSSv2
CVE-2021-20291
A deadlock vulnerability was found in 'github.com/containers/storage' in versions prior to 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected ...
Storage Project Storage
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
6.8
CVSSv2
CVE-2022-21675
Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Versions of the package before 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction (AKA "Zip Slip"). The vulnerability is exploited using a specially crafted archive that holds directory...
Bytecode Viewer Project Bytecode Viewer
3 Github repositories
6.5
CVSSv2
CVE-2021-21251
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical "zip slip" vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint untars user controlled data from the request body using TarUtils. TarU...
Onedev Project Onedev
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6267
XML injection
CVE-2024-37673
CVE-2024-6266
CVE-2024-30078
arbitrary
CVE-2024-36886
CVE-2024-5346
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »