DEBIAN-CVE-2026-53655

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

Summary tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extended header x describes the next file entry, not the...

PT-2026-49577

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.16 Description An interpretation differential exists in how the software parses tar archives. The issue occurs because the library applies a PAX extended header's size= record and other PAX overrides to the next...

Tp-Link AX53 v1.0 tmpServer opcode 0x436 stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2025-2302 Tp-Link AX53 v1.0 tmpServer opcode 0x436 stack-based buffer overflow vulnerability May 7, 2026 CVE Number CVE-2026-30814 SUMMARY A stack-based buffer overflow vulnerability exists in the tmpServer opcode 0x436 functionality of Tp-Link AX53 v1.0 1.3.1 Bui...

AZL-71125 CVE-2025-12816 affecting package reaper for versions less than 3.1.1-21

An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...

Amazon Linux 2023 : microcode_ctl (ALAS2023-2023-436)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-436 advisory. 2024-03-27: CVE-2023-23908 was added to this advisory. An issue was found in redundant REX instruction prefix values affecting third generation Intel Xeon Scalable Icelake processors. The issue...

Design/Logic Flaw

cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration SEC-436...

CVE-2018-20891

cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration SEC-436...

Amazon Linux: Security Advisory (ALAS-2014-436)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux AMI : xerces-j2 (ALAS-2014-436)

A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an...

Epic Games Unreal Engine 436 - Multiple Format String Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/31141/info Unreal Engine is prone to multiple remote format-string vulnerabilities. Attackers can exploit the issues to execute arbitrary code within the context of a client application that uses the vulnerable engine...

CVE-2009-0910

Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a...

Heap overflow

Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a...

CVE-2009-0910

CVE-2009-0910 involves a heap-based buffer overflow in the VNnc Codec used by VMware Workstation 6.5.x (before 6.5.2 build 156735), VMware Player 2.5.x (before 2.5.2 build 156735), VMware ACE 2.5.x (before 2.5.2 build 156735), and VMware Server 2.0.x (before 2.0.1 build 156745). The vulnerability...

Ubuntu Update for ktorrent vulnerability USN-436-2

Ubuntu Update for Linux kernel vulnerabilities USN-436-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN4362.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for ktorrent vulnerability USN-436-2 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

Ubuntu: Security Advisory (USN-436-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 436-2 (mailman)

The remote host is missing an update to mailman announced via advisory DSA 436-2. OpenVAS Vulnerability Test $Id: deb4362.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 436-2 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

CVE-2004-1805

The CVE-2004-1805 issue targets games using the Epic Games Unreal Engine 436, describing a format string vulnerability in class names that enables remote attackers to cause a denial of service and potentially execute arbitrary code. The vulnerability appears to be exploitable over the network, wi...