CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

458 matches found

Amazon Linux 2 : perl-Archive-Tar, --advisory ALAS2-2026-3347 (ALAS-2026-3347)

The version of perl-Archive-Tar installed on the remote host is prior to 1.92-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3347 advisory. Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extractio...

9.1CVSS5.6AI score0.00052EPSS

Exploits0References8

Tenable Nessus•added yesterday•3 views

Amazon Linux 2023 : perl-Archive-Tar, perl-Archive-Tar-tests (ALAS2023-2026-1805)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1805 advisory. Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink witho...

9.1CVSS5.6AI score0.00052EPSS

Exploits0References8

Amazon•added yesterday•4 views

Important: perl-Archive-Tar

Issue Overview: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check tha...

9.1CVSS5.5AI score0.00052EPSS

Exploits0

Amazon•added yesterday•4 views

Important: perl-Archive-Tar

9.1CVSS5.4AI score0.00052EPSS

Exploits0

RedhatCVE•added 4 days ago•5 views

CVE-2026-42497

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

7.5CVSS5.4AI score0.00048EPSS

Exploits0References1

RedHat Linux•added 6 days ago•11 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.20.24 packages and security update

Red Hat OpenShift Container Platform release 4.20.24 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a...

7.1CVSS5.8AI score0.00024EPSS

Exploits4References2

RedhatCVE•added 6 days ago•7 views

CVE-2026-42496

A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to...

9.1CVSS5.8AI score0.00052EPSS

Exploits0References6

Microsoft CVE•added 2026/05/29 8:8 a.m.•4 views

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory

...

9.1CVSS5.4AI score0.00052EPSS

Exploits0

Tenable Nessus•added 2026/05/27 12:0 a.m.•10 views

Linux Distros Unpatched Vulnerability : CVE-2026-42496

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar...

9.1CVSS5.8AI score0.00052EPSS

Exploits0References4

Tenable Nessus•added 2026/05/27 12:0 a.m.•24 views

Linux Distros Unpatched Vulnerability : CVE-2026-42497

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar...

7.5CVSS5.8AI score0.00048EPSS

Exploits0References3

NVD•added 2026/05/26 2:16 a.m.•6 views

CVE-2026-9538

Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. readtar reads each entry's payload with $handle-read$$data, $block, where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that...

7.5CVSS0.00037EPSS

Exploits0References3

OSV•added 2026/05/26 2:16 a.m.•4 views

DEBIAN-CVE-2026-9538

7.5CVSS5.8AI score0.00037EPSS

Exploits0References1

OSV•added 2026/05/26 2:16 a.m.•5 views

DEBIAN-CVE-2026-42497

7.5CVSS5.8AI score0.00048EPSS

Exploits0References1

NVD•added 2026/05/26 2:16 a.m.•7 views

CVE-2026-42497

7.5CVSS0.00048EPSS

Exploits0References3

NVD•added 2026/05/26 2:16 a.m.•7 views

CVE-2026-42496

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular...

9.1CVSS0.00052EPSS

Exploits0References3

OSV•added 2026/05/26 2:16 a.m.•4 views

DEBIAN-CVE-2026-42496

9.1CVSS5.8AI score0.00052EPSS

Exploits0References1

OSV•added 2026/05/26 2:16 a.m.•2 views

UBUNTU-CVE-2026-9538

7.5CVSS5.8AI score0.00037EPSS

Exploits0References6

OSV•added 2026/05/26 2:16 a.m.•6 views

UBUNTU-CVE-2026-42496