Vulnerabilities > Tardiff Project

DATE CVE VULNERABILITY TITLE RISK
2016-05-06 CVE-2015-0858 Link Following vulnerability in multiple products
Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.
local
low complexity
debian tardiff-project CWE-59
3.3
2016-05-06 CVE-2015-0857 Command Injection vulnerability in multiple products
Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file.
network
low complexity
tardiff-project debian CWE-77
critical
9.8