Lucene search
K

67 matches found

Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-20243 ClamAV ALZ Archive Processing Denial of Service Vulnerability

A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in ALZ...

7.5CVSS0.00389EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 11:16 p.m.11 views

CVE-2026-11972

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS0.00433EPSS
Exploits0References9
OSV
OSV
added 2026/06/23 11:16 p.m.3 views

UBUNTU-CVE-2026-11972

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/23 10:2 p.m.41 views

CVE-2026-11972 tarfile opened in streaming mode mishandles EOF

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS0.00433EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/23 10:2 p.m.6 views

CVE-2026-11972

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References8
OSV
OSV
added 2026/06/22 4:16 p.m.3 views

DEBIAN-CVE-2026-53655

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

5.5CVSS5.9AI score0.00107EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.14 views

Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks

Docling's METS GBS backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions XML Bo...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/11 5:16 p.m.15 views

CVE-2026-31248

Docling's METS GBS backend is vulnerable to XML Entity Expansion XXE attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring without disabling entity resolution. An attacker can craft a malicious XML file with nested entity definitions XML Bo...

7.5CVSS0.00278EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.11 views

SUSE SLES15 Security Update : go1.26-openssl (SUSE-SU-2026:1580-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1580-1 advisory. - Update to go1.26.2 bsc1255111. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143:...

9.8CVSS5.8AI score0.00658EPSS
Exploits0References32
OSV
OSV
added 2026/04/13 12:32 p.m.5 views

SUSE-SU-2026:1296-1 Security update for python39

This update for python39 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. - CVE-2026-3644: incomplete control character validation in http.cookies can lead to inpu...

7.5CVSS5.9AI score0.00621EPSS
Exploits0References9
Amazon
Amazon
added 2026/04/13 12:0 a.m.8 views

Medium: rust-cargo-c

Issue Overview: tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size...

8.1CVSS5.9AI score0.00688EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.3 views

CVE-2026-33055

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

8.1CVSS7.3AI score0.00688EPSS
Exploits2References1
EUVD
EUVD
added 2026/03/20 5:25 p.m.7 views

EUVD-2026-13596

tar-rs incorrectly ignores PAX size headers if header size is nonzero...

8.1CVSS7.5AI score0.00688EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2026/03/20 7:6 a.m.3 views

CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

5.1CVSS7.3AI score0.00397EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/20 7:6 a.m.8 views

CVE-2026-33055

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

8.1CVSS7.3AI score0.00688EPSS
Exploits2References4Affected Software1
Debian CVE
Debian CVE
added 2026/03/20 7:6 a.m.5 views

CVE-2026-33055

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

8.1CVSS5.3AI score0.00397EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/03/18 3:36 p.m.8 views

Important: Red Hat Security Advisory: Release of containers for RHOSO 18.0.17 security update

Red Hat OpenStack Services on OpenShift RHOSO 18.0.17 containers are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS6.8AI score0.00459EPSS
Exploits2References4
OSV
OSV
added 2026/03/17 7:49 p.m.6 views

GHSA-6GX3-4362-RF54 astral-tokio-tar insufficiently validates PAX extensions during extraction

Impact In versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser differential, for example by having...

6.3CVSS5.8AI score0.00249EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/19 8:58 p.m.20 views

CVE-2026-27114 NanaZip has ROMFS Archive Infinite Loop

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular NextOffset chains cause an infinite loop in the ROMFS archive parser. Version 6.0.1630.0 patches the issue...

5.1CVSS0.00267EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/28 12:0 a.m.7 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.25-openssl (SUSE-SU-2026:0298-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0298-1 advisory. Update to version 1.25.6 released 2026-01-15 jscSLE-18320, bsc1244485: Security fixes: -...

10CVSS8.1AI score0.01945EPSS
Exploits5References73
Rows per page
Query Builder