Search
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2541 | 1 Gnu | 1 Tar | 2021-06-18 | 10.0 HIGH | N/A |
| Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. | |||||
| CVE-2007-4476 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Tar | 2021-05-17 | 7.5 HIGH | N/A |
| Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." | |||||
| CVE-2006-0300 | 1 Gnu | 1 Tar | 2018-10-19 | 5.1 MEDIUM | N/A |
| Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. | |||||
| CVE-2005-1918 | 2 Gnu, Redhat | 4 Tar, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2018-10-19 | 2.6 LOW | N/A |
| The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". | |||||
| CVE-2002-0399 | 1 Gnu | 1 Tar | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267. | |||||
| CVE-2006-6097 | 1 Gnu | 1 Tar | 2018-10-17 | 4.0 MEDIUM | N/A |
| GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. | |||||
| CVE-2007-4131 | 3 Gnu, Redhat, Rpath | 4 Tar, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2018-10-15 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. | |||||
| CVE-2010-0624 | 1 Gnu | 2 Cpio, Tar | 2018-10-10 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. | |||||
| CVE-2002-1216 | 1 Gnu | 1 Tar | 2016-10-18 | 5.0 MEDIUM | N/A |
| GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check. | |||||
| CVE-2001-1267 | 1 Gnu | 1 Tar | 2008-09-05 | 2.1 LOW | N/A |
| Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot). | |||||