492 matches found

OSV
added 2 days ago, 3 views

DEBIAN-CVE-2026-11210

Inappropriate implementation in Safe Browsing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted RAR file. Chromium security severity: Medium...

CVSS 6.5, AI score 5.5, EPSS 0.00016
Exploits 0, References 1
NVD
added 2 days ago, 5 views

CVE-2026-11210

Inappropriate implementation in Safe Browsing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted RAR file. Chromium security severity: Medium...

CVSS 6.5, EPSS 0.00016
Exploits 0, References 2
CVE
added 2 days ago, 8 views

CVE-2026-11210

CVE-2026-11210 concerns Google Chrome’s Safe Browsing component. The issue is an inappropriate implementation that allows a remote attacker to bypass discretionary access control via a crafted RAR file, affecting Chrome builds prior to 149.0.7827.53. The vulnerability is remote, requires user in...

CVSS 6.5, AI score 5.8, EPSS 0.00016
Exploits 0, References 2, Affected Software 1
Positive Technologies
added 5 days ago, 8 views

PT-2026-45517

microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw_to_header function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminated name or linkname fields. The function uses strcpy to copy...

CVSS 8.8, AI score 6, EPSS 0.00038
Exploits 0, References 5
AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in python2.7, pypy

In Lib/tarfile.py in Python 3.8.3, an attacker can create a TAR archive that causes an infinite loop when opened using tarfile.open, due to the lack of header validation in _proc_pax...

CVSS 7.5, AI score 6.8, EPSS 0.00323
Exploits 0, References 2
AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in p7zip

Ppmd7.c in 7-ZIP before 23.00 allows for integer underflow and invalid read operations due to a crafted 7Z archive...

CVSS 7.8, AI score 7.1, EPSS 0.54681
Exploits 0, References 1
AstraLinux
added 2026/05/20 5:53 a.m., 1 view

Astra Linux - vulnerability in libarchive

“execute_filter_audio” in “archive_read_support_format_rar.c” in “libarchive” before version 3.7.5 allows out-of-bounds access via a crafted archive file, as “src” can move beyond “dst”...

CVSS 7.8, AI score 5.7, EPSS 0.00122
Exploits 1, References 2
Vulnrichment
added 2026/05/12 5:21 a.m., 8 views

CVE-2026-41530

The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name,...

CVSS 4.6, AI score 5.8, EPSS 0.00018
Exploits 0, References 2
Positive Technologies
added 2026/05/11 12:0 a.m., 6 views

PT-2026-39779

Name of the Vulnerable Software and Affected Versions: macOS Tahoe versions prior to 26.5. Description: A logic issue involving file handling allows a maliciously crafted ZIP archive to bypass Gatekeeper checks. Gatekeeper is a security feature that ensures only trusted software runs on the system...

CVSS 5.5, AI score 5.8, EPSS 0.00018
Exploits 0, References 4
Positive Technologies
added 2026/05/07 12:0 a.m., 8 views

PT-2026-39177

Yashashree Gund discovered that the dpkg dpkg-deb tool incorrectly handled certain zstd-compressed .deb archives. If a user or automated system were tricked into manipulating a specially crafted .deb archive, a remote attacker could possibly use this issue to cause dpkg-deb to stop responding,...

CVSS 7.5, AI score 5.8, EPSS 0.00019
Exploits 0, References 3
Snyk
added 2026/05/04 5:40 p.m., 2 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...

CVSS 7.1, AI score 5.8, EPSS 0.00018
Exploits 1, References 2
Snyk
added 2026/05/04 5:40 p.m., 3 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...

CVSS 7.1, AI score 5.8, EPSS 0.00018
Exploits 1, References 2
Snyk
added 2026/05/04 5:40 p.m., 3 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...

CVSS 7.1, AI score 5.8, EPSS 0.00018
Exploits 1, References 2
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in golang-1.19, golang-1.23

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive...

CVSS 6.5, AI score 6.9, EPSS 0.00043
Exploits 1, References 2
Tenable Nessus
added 2026/04/29 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-6941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured...

CVSS 7.8, AI score 5.7, EPSS 0.00044
Exploits 1, References 2
RedhatCVE
added 2026/04/25 11:34 a.m., 0 views

CVE-2026-6941

A flaw was found in radare2. A local attacker can exploit this path traversal vulnerability by importing a specially crafted .zrp archive. This malicious archive contains a symlinked notes.txt file that bypasses directory confinement checks, allowing the attacker to read or write arbitrary files...

CVSS 7.8, AI score 5.6, EPSS 0.00044
Exploits 1, References 2
RedhatCVE
added 2026/04/23 9:10 p.m., 3 views

CVE-2026-3219

A flaw was found in pip. This vulnerability occurs because pip incorrectly processes concatenated tar and ZIP files as ZIP files, regardless of their true format. This improper handling can lead to confusing installation behavior, potentially causing the installation of unintended or 'incorrect'...

CVSS 5, AI score 5.7, EPSS 0.00018
Exploits 0, References 5
Snyk
added 2026/04/20 5:26 p.m., 4 views

Arbitrary File Upload

Overview: Affected versions of this package are vulnerable to Arbitrary File Upload due to concatenating tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. An attacker can cause unintended files to be installed by supplying a specially crafted archi...

CVSS 5, AI score 5.3, EPSS 0.00018
Exploits 0, References 2
ATTACKERKB
added 2026/04/20 3:15 p.m., 1 view

CVE-2026-41245

Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in LocalFolderExtractor allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes th...

CVSS 5.9, AI score 5.9, EPSS 0.00055
Exploits 0, References 4, Affected Software 1
Cvelist
added 2026/04/20 3:15 p.m., 24 views

CVE-2026-41245 Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix

Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in LocalFolderExtractor allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes th...

CVSS 5.9, EPSS 0.00055
Exploits 0, References 3