9 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-26158
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar...
AZL-77606 CVE-2026-26158 affecting package busybox for versions less than 1.35.0-17
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...
CVE-2026-26158
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...
CVE-2026-26158
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...
CVE-2026-26158 Busybox: busybox: arbitrary file modification and privilege escalation via unvalidated tar archive entries
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...
Exploit for CVE-2025-11001
🔒 Se7enSlip - 7-Zip Vulnerability Scanner A stunning, interac...
Mageia: Security Advisory (MGASA-2020-0353)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : ark -- extraction outside of extraction directory (38fdf07b-e8ec-11ea-8bbe-e0d55e2a8bf9)
Albert Astals Cid reports : Overview A maliciously crafted TAR archive containing symlink entries would install files anywhere in the user's home directory upon extraction. Proof of concept For testing, an example of malicious archive can be found at dirsymlink.tar Impact Users can unwillingly...
ark -- extraction outside of extraction directory
Albert Astals Cid reports: Overview A maliciously crafted TAR archive containing symlink entries would install files anywhere in the user's home directory upon extraction. Proof of concept For testing, an example of malicious archive can be found at dirsymlink.tar Impact Users can unwillingly...