Lucene search
+L

14 matches found

OSV
OSV
added 2026/06/22 7:40 a.m.4 views

OPENSUSE-SU-2026:20998-1 Security update for tree-sitter-ruby

This update for tree-sitter-ruby fixes the following issues - CVE-2025-5889: brace-expansion: inefficient regular expression complexity in function expand of file index.js bsc1244345. - CVE-2025-59343: tar-fs: tar-fs symlink validation bypass bsc1250517. Changes for tree-sitter-ruby: - Use correc...

8.7CVSS6AI score0.00516EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/24 6:58 p.m.8 views

Security Bulletin: Vulnerabilities in tar-fs-2.1.1.tgz affecting MongoDB Enterprised Advanced (CVE-2025-59343)

Summary There is a vulnerability in tar-fs-2.1.1.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-59343. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-59343 DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1,...

8.7CVSS5.4AI score0.00516EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/20 12:0 a.m.8 views

Atlassian Confluence 7.19.x < 8.5.10 / 8.6.x < 9.2.5 / 9.3.x < 9.3.1 / 9.4.x < 9.5.1 / 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-101930)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101930 advisory. - tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the...

8.7CVSS6.3AI score0.00516EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 5:41 p.m.11 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tar-fs-2.1.3.tgz which is vulnerable to CVE-2025-59343.

Summary IBM Maximo Application Suite - Monitor Component uses tar-fs-2.1.3.tgz which is vulnerable to CVE-2025-59343. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-59343 DESCRIPTION: tar-fs provides filesystem bindings for...

8.7CVSS6.6AI score0.00516EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/10/25 12:0 a.m.3 views

Fedora 43 : yarnpkg (2025-ee9e7fb981)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-ee9e7fb981 advisory. Fix CVE-2025-59343. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...

8.7CVSS6.5AI score0.00516EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/10/09 12:0 a.m.5 views

Fedora: Security Advisory (FEDORA-2025-4dd58248ff)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.7CVSS6.8AI score0.00516EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/09 12:0 a.m.3 views

Fedora 41 : yarnpkg (2025-4dd58248ff)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-4dd58248ff advisory. Fix CVE-2025-59343. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...

8.7CVSS6.5AI score0.00516EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2025/09/27 12:0 a.m.8 views

tree-sitter-ruby-0.23.1-2.1 on GA media (moderate)

tree-sitter-ruby-0.23.1-2.1 on GA media Announcement ID: openSUSE-SU-2025:15582-1 Rating: moderate Cross-References: CVE-2025-5889 CVE-2025-59343 CVSS scores: CVE-2025-5889 SUSE : 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2025-5889 SUSE : 2...

6.9CVSS7.2AI score0.00516EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2025/09/25 11:23 p.m.5 views

SUSE CVE-2025-59343

tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves...

6.2CVSS7.6AI score0.00516EPSS
Exploits0References3
Chainguard
Chainguard
added 2025/09/25 7:43 p.m.8 views

CVE-2025-59343 vulnerabilities

Vulnerabilities for packages: tileserver-gl-fips, code-server, redisinsight, gitlab-rails-ce, gitlab-rails-ce-fips, grafana-image-renderer, tileserver-gl, sqlpad, kibana, langfuse...

8.7CVSS5.3AI score0.00516EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/09/24 6:57 p.m.10 views

007putra-my-bot (=1.1.1), 10bis-shufersal-automation (=1.0.0) +4988 more potentially affected by CVE-2025-59343 via tar-fs (>=2.0.0 <=2.1.3)

tar-fs NPM version =2.0.0, =0.2.0, =1.0.0, =1.0.0, =0.107.10, =1.19.19, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.123.2 and more Source cves: CVE-2025-59343 Source advisory: OSV:GHSA-VJ76-C3G6-QR5V...

8.7CVSS6AI score0.00516EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/09/24 6:57 p.m.7 views

0wcc9yywcywy (=1.0.0), 0wu8yw8by8cw (=1.0.0) +2809 more potentially affected by CVE-2025-59343 via tar-fs (>=3.0.2 <=3.1.0)

tar-fs NPM version =3.0.2, =0.0.1, =2.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-59343 Source advisory: SNYK:JS-TARFS-13045213...

8.7CVSS6AI score0.00516EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/09/24 6:57 p.m.7 views

007putra-my-bot (=1.1.1), 10bis-shufersal-automation (=1.0.0) +4988 more potentially affected by CVE-2025-59343 via tar-fs (>=2.0.0 <=2.1.3)

tar-fs NPM version =2.0.0, =0.2.0, =1.0.0, =1.0.0, =0.107.10, =1.19.19, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.123.2 and more Source cves: CVE-2025-59343 Source advisory: SNYK:JS-TARFS-13045213...

8.7CVSS6AI score0.00516EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/09/24 6:57 p.m.15 views

@capriza/far (>=0.1.2 <=2.4.2), @cobalt-engine/cobower (=2.0.0) +388 more potentially affected by CVE-2025-59343 via tar-fs (>=0.1.8 <=1.16.3)

tar-fs NPM version =0.1.8, =0.1.2, =6.0.3, =6.0.3, =6.0.3, =2.1.1, =0.10.2, =0.0.0-beta.1, =0.0.0-beta.1, =0.0.0-beta.1, =0.1.0, =0.1.0, =1.0.5, =1.1.2 - @elm-node/npm-scripts =1.0.0 - @hlsrules-test/fc-libreoffice =1.0.0 and more Source cves: CVE-2025-59343 Source advisory: OSV:GHSA-VJ76-C3G6-QR...

8.7CVSS6AI score0.00516EPSS
Exploits0
Rows per page
Query Builder