5358 matches found
ROOT-APP-NPM-CVE-2026-29786 CVE-2026-29786 in @rootio/tar - Patched by Root
Root has patched CVE-2026-29786 in the @rootio/tar package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-24842 CVE-2026-24842 in @rootio/tar - Patched by Root
Root has patched CVE-2026-24842 in the @rootio/tar package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2024-28863 CVE-2024-28863 in @rootio/tar - Patched by Root
Root has patched CVE-2024-28863 in the @rootio/tar package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-23950 CVE-2026-23950 in @rootio/tar - Patched by Root
Root has patched CVE-2026-23950 in the @rootio/tar package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-23745 CVE-2026-23745 in @rootio/tar - Patched by Root
Root has patched CVE-2026-23745 in the @rootio/tar package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-31802 CVE-2026-31802 in @rootio/tar - Patched by Root
Root has patched CVE-2026-31802 in the @rootio/tar package for Root:npm. Multiple fixed versions available...
dotnet: .NET: Local file tampering via link following vulnerability
A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...
vim: command injection when decompressing .tgz archives
A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...
Linux Distros Unpatched Vulnerability : CVE-2026-53655
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, node-tar applies a PAX extended header's size= record and other PAX overrides to the next head...
DEBIAN-CVE-2026-53655
node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...
CVE-2026-53655
node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...
UBUNTU-CVE-2026-53655
node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...
CVE-2026-53655
node-tar before version 7.5.16 is vulnerable: it applies a PAX extended header size override to the next header entry, including intermediary L/K/x headers, which desynchronizes the stream cursor from other tar implementations. This yields a tar-parser interpretation differential (CWE-...
Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit
Summary All components based on BaseFileComponent are vulnerable to the following vulnerability: 1. Docling DoclingInlineComponent 2. Docling Serve DoclingRemoteComponent 3. Read File FileComponent 4. NVIDIA Retriever Extraction NvidiaIngestComponent 5. Video File VideoFileComponent 6. Unstructur...
Astra Linux – Vulnerability in node-tar
The npm package “tar” also known as node-tar in versions prior to 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has a vulnerability related to arbitrary file creation/overwriting, due to insufficient symlink protection. node-tar aims to ensure that any file whose location would be modified by a symbolic link i...
Astra Linux – Vulnerability in tar
A flaw was discovered in the src/list.c file of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The greatest threat posed by this vulnerability is to system availability...