453 matches found
CVE-2026-26157
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentiall...
CVE-2026-26157
BusyBox contains an incomplete path sanitization vulnerability in its archive extraction utilities that can, under certain conditions, cause arbitrary file overwrites outside the target directory and may enable code execution through modification of sensitive system files. The description does no...
Security update for python313-wheel
This update for python313-wheel fixes the following issues: CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification bsc1257100. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper...
SUSE-SU-2026:0425-1 Security update for python313-wheel
This update for python313-wheel fixes the following issues: - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification bsc1257100...
Security update for python-wheel
This update for python-wheel fixes the following issues: CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification bsc1257100. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper...
SUSE-SU-2026:0424-1 Security update for python-wheel
This update for python-wheel fixes the following issues: - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification bsc1257100...
PT-2026-7665
Name of the Vulnerable Software and Affected Versions: BusyBox (affected versions not specified). Description: A flaw exists in BusyBox’s archive extraction utilities due to incomplete path sanitization. An attacker can create malicious archives that, when extracted under specific conditions, may allo...
SUSE: Security Advisory (SUSE-SU-2026:20217-1)
The remote host is missing an update for the...
openSUSE 16 Security Update : python-wheel (openSUSE-SU-2026:20147-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20147-1 advisory. - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification bsc1257100. Tenable has extracted the preceding...
OPENSUSE-SU-2026:20147-1 Security update for python-wheel
This update for python-wheel fixes the following issues: - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification bsc1257100...
SUSE-SU-2026:20217-1 Security update for python-wheel
This update for python-wheel fixes the following issues: - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification bsc1257100...
CVE-2026-24909
vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...
GHSA-GF2C-JWCJ-X929 vlt Mishandles Path Sanitization for tar
vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...
MiracleLinux 8 : nodejs:14 (AXSA:2021-2448:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2448:01 advisory. nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22930); nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22940)...
CVE-2026-23745 node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization
node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...
EUVD-2026-2909
node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...
node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization
Summary: The node-tar library = 7.5.2 fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and...