MidnightBSD

Advisories for tardiff_project

CVE-2015-0857 HIGH

Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
tardiff_project tardiff -
debian debian_linux 8.0
CVE-2015-0858 LOW

Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
tardiff_project tardiff -
debian debian_linux 8.0