692 matches found
CVE-2026-12482
A vulnerability in keras-team/keras version 3.12.0 allows an attacker to craft a malicious tar archive that bypasses the filtersafetarinfos validation in keras/src/utils/fileutils.py. Specifically, symlink entries are not subjected to the same ispathindir validation as regular file entries,...
Linux Distros Unpatched Vulnerability : CVE-2026-12482
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in keras-team/keras version 3.12.0 allows an attacker to craft a malicious tar archive that bypasses the filtersafetarinfos validation in...
CVE-2026-15028
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...
UBUNTU-CVE-2026-15028
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...
CVE-2026-15028
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...
EUVD-2026-42865
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...
CVE-2026-15028
In libarchive, CVE-2026-15028 describes a heap overflow triggered while parsing a tar archive’s PAX extended header with a malformed SUN.holesdata sparse-file attribute. The vulnerability is exploitable remotely to cause DoS or potentially arbitrary code execution on affected systems. The root ca...
CVE-2026-15028 Libarchive: heap overflow oob read while parsing a tar archive contains a pax extended header
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...
PT-2026-57143
Name of the Vulnerable Software and Affected Versions libarchive affected versions not specified Description A flaw in the parsing of a PAX extended header allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue specifically occurs when processi...
Linux Distros Unpatched Vulnerability : CVE-2026-15028
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue...
CVE-2026-59874
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly parsing the same header. This issue is fixed in version 7.5.18...
UBUNTU-CVE-2026-59871
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPathentry.path.split'/' to throw an uncaught TypeError. This issue is...
UBUNTU-CVE-2026-59875
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the parsing process of a tar archive containing a PAX extended header with a malformed SUN.holesdata sparse-file attribute. An attacker can cause a heap overflow and out-of-bounds read by supplying a...
CVE-2026-57516
Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...
CVE-2026-57516 Ray < 2.56.0 Unsafe Deserialization RCE via WebDataset Reader
Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...
CVE-2026-57516
Ray prior to 2.56.0 is affected via the WebDataset reader flaw in which _default_decoder() deserializes tar entries using pickle.loads for .pkl/.pickle and torch.load for .pt/.pth, enabling remote code execution inside Ray remote workers when processing a malicious tar archive. Affected component...
CVE-2026-4360 Tarfile.extract() doesn't fully respect filter parameter
In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...
CVE-2026-48945 Joomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26
The K2 article gallery upload path accepts a zip/tar archive, extracts it under /media/k2/galleries//, and only renames image files gif/jpg/jpeg/png/webp to safe names — non-image files including .php are extracted as-is and remain executable via direct HTTP access...
Astra Linux – Vulnerability in busybox
A flaw was discovered in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by creating a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead...