Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
archive::tar vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-0931
Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions prior to 1.3.2, allows remote malicious users to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive.
Pear Pear Archive Tar
7.5
CVSSv3
CVE-2016-10173
Directory traversal vulnerability in the minitar prior to 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote malicious users to write to arbitrary files via a .. (dot dot) in a TAR archive entry.
Minitar Archive-tar-minitar
Minitar Minitar
7.1
CVSSv3
CVE-2021-32610
In Archive_Tar prior to 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
Php Archive Tar
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
8.8
CVSSv3
CVE-2018-1000888
PEAR Archive_Tar version 1.4.3 and previous versions contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called witho...
Php Pear Archive Tar
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 16.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
1 EDB exploit
1 Article
7.5
CVSSv3
CVE-2020-36193
Tar.php in Archive_Tar up to and including 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
Php Archive Tar
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
7.8
CVSSv3
CVE-2020-28948
Archive_Tar up to and including 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
Php Archive Tar
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Drupal Drupal
3 Github repositories
7.8
CVSSv3
CVE-2020-28949
Archive_Tar up to and including 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
Php Archive Tar
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Drupal Drupal
3 Github repositories
7.5
CVSSv3
CVE-2018-12015
In Perl up to and including 5.26.2, the Archive::Tar module allows remote malicious users to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Perl Perl
Archive\\ \\ Tar Project
Apple Mac Os X
Netapp Data Ontap Edge -
Netapp Snap Creator Framework -
Netapp Oncommand Workflow Automation -
Netapp Snapdrive -
NA
CVE-2007-4829
Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and previous versions allows user-assisted remote malicious users to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.
Archive\\ \\ Tar Project
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 7.10
7.8
CVSSv3
CVE-2016-1238
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpa...
Debian Debian Linux 8.0
Fedoraproject Fedora 24
Fedoraproject Fedora 23
Perl Perl 5.003 92
Perl Perl 5.21.1
Perl Perl 5.9.3
Perl Perl 5.14.1
Perl Perl 5.8.0
Perl Perl 5.003 97
Perl Perl 5.6.0
Perl Perl 5.17.11
Perl Perl 5.24.1
Perl Perl 5.16.0
Perl Perl 5.19.6
Perl Perl 5.22.3
Perl Perl 5.17.4
Perl Perl 5.003 03
Perl Perl 5.18.4
Perl Perl 5.18.2
Perl Perl 5.8.4
Perl Perl 5.15.6
Perl Perl 5.004 04
4 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »