7898 matches found
UBUNTU-CVE-2026-32766
astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser...
CVE-2026-32766
astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser...
CVE-2026-32766
CVE-2026-32766 affects astral-tokio-tar
CVE-2026-32766 astral-tokio-tar insufficiently validates PAX extensions during extraction
astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser...
CVE-2026-32766
astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser...
CVE-2026-32766 astral-tokio-tar insufficiently validates PAX extensions during extraction
astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser...
CVE-2026-32766 astral-tokio-tar insufficiently validates PAX extensions during extraction
astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser...
CVE-2026-32766
astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser...
Google Chrome < 146.0.7680.153 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 146.0.7680.153. It is, therefore, affected by multiple vulnerabilities as referenced in the 202603stable-channel-update-for-desktop18 advisory. - Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allow...
PT-2026-26588
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accepts any file extension including .phtml, .php5, .htaccess, and other server-side executable types, bypassing the filename validation enforced by the regular upload path. In...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 146.0.7680.153 contained a security vulnerability, which stemmed from the Extensions component reusing objects after they were released. This vulnerability could allow attackers to exploit...
Google Chrome < 146.0.7680.153 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 146.0.7680.153. It is, therefore, affected by multiple vulnerabilities as referenced in the 202603stable-channel-update-for-desktop18 advisory. - Use after free in Extensions in Google Chrome prior to 146.0.7680.153...
Linux Distros Unpatched Vulnerability : CVE-2026-4458
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an attacker who convinced a user to install a malicious extension to potentially...
CVE-2026-4458
Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...
CLSA-2026-1773930007 Fix CVE(s): CVE-2026-3731
SECURITY UPDATE: out-of-bounds read from manipulated SFTP extension index - debian/patches/CVE-2026-3731.patch: Fix out-of-bound read in sftp extensions by replacing '' with '=' in index checks; cause: off-by-one error in index comparison allowing idx equal count. - CVE-2026-3731...
Incorrect Bitwise Shift of Integer
Overview Affected versions of this package are vulnerable to Incorrect Bitwise Shift of Integer in the zisofs decompression process due to improper validation of the pzlog2bs field from ISO9660 Rock Ridge extensions. An attacker can cause application crashes and service disruption by supplying a...
CVE-2026-4426
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...
CVE-2026-4426
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...
CLSA-2026-1773929316 Fix CVE(s): CVE-2026-3731
SECURITY UPDATE: remote out-of-bounds read in SFTP extension name handler - debian/patches/CVE-2026-3731.patch: Fix out-of-bound read from sftp extensions; correct index comparison from '' to '=' and prevent access past extension count. - CVE-2026-3731...
CVE-2026-4426 Libarchive: libarchive: denial of service via malformed iso file processing
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to...