Lucene search
K

164 matches found

Tenable Nessus
Tenable Nessus
added 3 days ago3 views

Linux Distros Unpatched Vulnerability : CVE-2026-4360

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted...

2CVSS6AI score0.00304EPSS
Exploits0References3
NVD
NVD
added 5 days ago8 views

CVE-2026-4360

In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...

2CVSS0.00304EPSS
Exploits0References7
Cvelist
Cvelist
added 5 days ago37 views

CVE-2026-4360 Tarfile.extract() doesn't fully respect filter parameter

In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...

2CVSS0.00304EPSS
Exploits0References7
CVE
CVE
added 5 days ago8 views

CVE-2026-4360

CVE-2026-4360 affects Python’s tarfile module, where TarFile.extract() fails to propagate the filter parameter for hardlinks, allowing extraction from untrusted tar archives to write files with unexpected uid/gid even when filter='data' is requested. The issue is documented in CPython commits/iss...

2CVSS5.8AI score0.00304EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/23 4:4 p.m.43 views

CVE-2026-11940 tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS0.00613EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.1 views

Astra Linux – Vulnerability in Git

Git is a revision control system. Before versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contained symlinks through the filesystem, Git might create hardlinks to arbitrary user-readable files within the same filesystem as the target...

7.1CVSS6.8AI score0.00956EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.7 views

Siemens RUGGEDCOM RST2428P External Control of File Name or Path (CVE-2026-26158)

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...

7CVSS7.1AI score0.0016EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.35 views

Linux Distros Unpatched Vulnerability : CVE-2026-42497

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar...

7.5CVSS5.9AI score0.00417EPSS
Exploits0References4
OSV
OSV
added 2026/05/26 2:16 a.m.8 views

DEBIAN-CVE-2026-42497

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

7.5CVSS5.8AI score0.00417EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 2:16 a.m.16 views

CVE-2026-42497

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

7.5CVSS0.00417EPSS
Exploits0References3
OSV
OSV
added 2026/05/26 2:16 a.m.6 views

UBUNTU-CVE-2026-42497

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

7.5CVSS5.8AI score0.0043EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/26 12:17 a.m.8 views

CVE-2026-42497 Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

5.8AI score0.00417EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/26 12:17 a.m.80 views

CVE-2026-42497 Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

0.00417EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/26 12:17 a.m.12 views

EUVD-2026-31777

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

5.8AI score0.0043EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/26 12:17 a.m.11 views

CVE-2026-42497

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

7.5CVSS5.8AI score0.00417EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.17 views

PT-2026-43163

Name of the Vulnerable Software and Affected Versions Archive::Tar versions prior to 3.08 Description Archive::Tar for Perl allows the extraction of hardlinks to attacker-controlled paths outside the intended extraction directory. The function make special file passes the tar header's linkname to...

7.5CVSS5.4AI score0.00417EPSS
Exploits0References18
UbuntuCve
UbuntuCve
added 2026/05/26 12:0 a.m.15 views

CVE-2026-42497

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

7.5CVSS5.8AI score0.0043EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.12 views

Unity Linux 20.1060e / 20.1070e Security Update: nodejs-fstream (UTSA-2026-016675)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016675 advisory. fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file th...

7.5CVSS7.1AI score0.02416EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:36 p.m.8 views

CVE-2026-42590

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/06 7:40 a.m.28 views

CVE-2026-43118 btrfs: fix zero size inode with non-zero size after log replay

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix zero size inode with non-zero size after log replay When logging that an inode exists, as part of logging a new name or logging new dir entries for a directory, we always set the generation of the logged inode item to ...

0.00112EPSS
Exploits0References3
Rows per page
Query Builder