923 matches found
RLSA-2026:5080 Important: libarchive security update
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...
CVE-2026-22895
A cross-site scripting XSS vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version...
EUVD-2026-13714
A cross-site scripting XSS vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version...
CVE-2026-22895
A cross-site scripting XSS vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version...
CVE-2026-22895
A cross-site scripting XSS vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version...
CVE-2026-22895 QuFTP Service
A cross-site scripting XSS vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version...
OESA-2026-1641 libarchive security update
is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use . Security...
AlmaLinux 9 : libarchive (ALSA-2026:5080)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:5080 advisory. libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archivereaddata in libarchive CVE-2026-4111 Tenable has extracted the preceding description...
PT-2026-26637
Name of the Vulnerable Software and Affected Versions QuFTP Service versions prior to 1.4.3 QuFTP Service versions prior to 1.5.2 QuFTP Service versions prior to 1.6.2 Description A cross-site scripting XSS issue exists in QuFTP Service. A remote attacker who obtains an administrator account can...
libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...
ALSA-2026:5080 Important: libarchive security update
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...
GHSA-QM7R-WWQ7-6F85 Statamic has a path traversal in file dictionary fieldtype
Impact Authenticated Control Panel users could read arbitrary .json, .yaml, and .csv files from the server by manipulating the file dictionary's filename configuration parameter in the fieldtype's endpoint. Patches This has been fixed in 5.73.14 and 6.7.0...
Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive
...
CVE-2026-4111
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop through the archivereaddata process. An attacker can exhaust system resources by submitting a specially crafted RAR5 archive that triggers an infinite loop during decompression. Remediation Upgrade libarchive to version...
CVE-2026-4111 Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...
CVE-2026-4111
The issue CVE-2026-4111 affects the libarchive library, specifically the RAR5 decompression logic. The vulnerability resides in archive_read_data() where processing a specially crafted RAR5 archive can enter an infinite loop, preventing forward progress and causing continuous CPU usage. The affec...
CVE-2026-4111 Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...
CVE-2026-24310
Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application's confidentialit...
CVE-2026-24310 Missing Authorization check in SAP NetWeaver Application Server for ABAP
Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application's confidentialit...