Lucene search
+L

286 matches found

EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43620

A vulnerability in keras-team/keras version 3.12.0 allows an attacker to craft a malicious tar archive that bypasses the filtersafetarinfos validation in keras/src/utils/fileutils.py. Specifically, symlink entries are not subjected to the same ispathindir validation as regular file entries,...

3.1CVSS6.1AI score0.00301EPSS
Exploits0References1
OSV
OSV
added 2026/07/08 3:23 p.m.2 views

CVE-2026-59874 node-tar: Negative tar entry size causes infinite loop in archive replace

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly parsing the same header. This issue is fixed in version 7.5.18...

8.7CVSS6.9AI score0.00358EPSS
Exploits1References5
Ubuntu
Ubuntu
added 2026/07/06 11:57 a.m.6 views

USN-8510-1: tar vulnerability

It was discovered that tar incorrectly handled symlinks when extracting archives. An attacker could possibly use this issue to overwrite arbitrary files...

4.1CVSS6.5AI score0.00433EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

RHEL 10 : perl-Archive-Tar (RHSA-2026:30857)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:30857 advisory. Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also...

9.1CVSS7.3AI score0.0043EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/29 6:18 p.m.6 views

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

6.2CVSS7AI score0.00388EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 8:57 p.m.5 views

USN-8477-1 tar vulnerability

It was discovered that tar incorrectly handled certain crafted archive files. An attacker could possibly use this to inject hidden files with attacker-controlled content, bypassing pre-extraction inspection mechanisms...

5.5CVSS5.8AI score0.0043EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2026/06/25 8:57 p.m.13 views

USN-8477-1: tar vulnerability

It was discovered that tar incorrectly handled certain crafted archive files. An attacker could possibly use this to inject hidden files with attacker-controlled content, bypassing pre-extraction inspection mechanisms...

5.5CVSS5.8AI score0.0043EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53655

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next head...

6.9CVSS6.1AI score0.00107EPSS
Exploits1References4
OSV
OSV
added 2026/06/22 4:16 p.m.3 views

DEBIAN-CVE-2026-53655

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

5.5CVSS5.9AI score0.00107EPSS
Exploits1References1
OSV
OSV
added 2026/06/22 4:16 p.m.4 views

UBUNTU-CVE-2026-53655

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

6.9CVSS5.9AI score0.00107EPSS
Exploits1References2
OSV
OSV
added 2026/06/22 2:55 p.m.2 views

CVE-2026-53655 node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

6.9CVSS5.9AI score0.00107EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:48 p.m.7 views

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

9.3CVSS5.9AI score0.00445EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:11 p.m.5 views

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

9.8CVSS7.4AI score0.00812EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:11 p.m.5 views

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

8.9CVSS7.4AI score0.00534EPSS
Exploits0Affected Software2
Snyk
Snyk
added 2026/06/15 5:19 p.m.9 views

Interpretation Conflict

Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Interpretation Conflict due to improper handling of PAX extended header size overrides in intermediary metadata headers. An attacker can cause inconsistent archive parsing results...

6.9CVSS5.3AI score0.00107EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 3:24 p.m.9 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.9.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.9.tgz Vulnerability Details CVEID:CVE-2026-29786 DESCRIPTION: node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory ...

8.6CVSS6.1AI score0.00408EPSS
Exploits2Affected Software1
OSV
OSV
added 2026/06/09 12:51 p.m.4 views

SUSE-SU-2026:2313-1 Security update for vim

This update for vim fixes the following issues - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes bsc1261833. - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim...

7.8CVSS7.9AI score0.00917EPSS
Exploits1References14
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.12 views

Node.js Module node-tar < 7.5.10 Arbitrary File Overwrite

The version of node-tar installed on the remote host is prior to 7.5.10. It is, therefore, affected by a vulnerability: - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a...

8.6CVSS6.2AI score0.00408EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.50 views

Node.js Module node-tar < 7.5.11 Arbitrary File Overwrite

The version of node-tar installed on the remote host is prior to 7.5.11. It is, therefore, affected by a vulnerability: - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a...

8.2CVSS6.4AI score0.00253EPSS
Exploits4References2
RedHat Linux
RedHat Linux
added 2026/06/03 12:58 p.m.21 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.43 security and extras update

Red Hat OpenShift Container Platform release 4.18.43 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of...

9.8CVSS7.6AI score0.02474EPSS
Exploits3References9
Rows per page
Query Builder