Lucene search
K

1005 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-4360

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted...

5.3CVSS6AI score0.00235EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 3:16 p.m.2 views

DEBIAN-CVE-2026-4360

In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...

2CVSS5.8AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 3:16 p.m.8 views

CVE-2026-4360

In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...

5.3CVSS0.00235EPSS
Exploits0References8
OSV
OSV
added 2026/06/30 3:16 p.m.4 views

UBUNTU-CVE-2026-4360

In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...

2CVSS5.8AI score0.00235EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2026/06/30 2:45 p.m.5 views

CVE-2026-4360

In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...

5.3CVSS5.8AI score0.00235EPSS
Exploits0
CVE
CVE
added 2026/06/30 2:45 p.m.25 views

CVE-2026-4360

Summary of CVE-2026-4360 (mode C) The issue concerns Python’s tarfile TarFile.extract() where the filter parameter is not correctly applied when extracting hardlinks. The vulnerability can allow an affected system that processes tar files from untrusted sources to write files with an unexpected u...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/06/30 2:45 p.m.58 views

CVE-2026-4360 Tarfile.extract() doesn't fully respect filter parameter

In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...

2CVSS0.00235EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53894

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description In the extract function of the Tarfile module, the filter parameter is not correctly handled when extracting hardlinks. This issue allows a system extracting content from untrusted tar files t...

2CVSS6AI score0.00235EPSS
Exploits0References19
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-11972

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using the tarfile module with a file opened in streaming mode mode=r| the tarfile module did not properly handle EOF, making archive parsing take...

8.2CVSS6AI score0.00433EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/29 2:33 p.m.7 views

CVE-2026-11972

A flaw was found in the Python tarfile module. When processing a specially crafted tar archive opened in 'streaming mode' mode='r|', the module does not properly handle the end-of-file EOF condition. This can cause the tarfile module to enter an infinite loop, leading to a Denial of Service DoS f...

8.2CVSS5.7AI score0.00433EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-259 Aim External Control of File Name or Path vulnerability

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...

9.1CVSS7.5AI score0.0081EPSS
Exploits1References5
OSV
OSV
added 2026/06/29 11:14 a.m.6 views

BIT-PYTHON-MIN-2026-11972 tarfile opened in streaming mode mishandles EOF

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References10
OSV
OSV
added 2026/06/29 11:14 a.m.6 views

BIT-PYTHON-2026-11972 tarfile opened in streaming mode mishandles EOF

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References10
OSV
OSV
added 2026/06/29 11:14 a.m.5 views

BIT-PYTHON-2026-11940 tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS5.7AI score0.00613EPSS
Exploits0References9
OSV
OSV
added 2026/06/29 11:14 a.m.5 views

BIT-PYTHON-MIN-2026-11940 tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS5.7AI score0.00613EPSS
Exploits0References9
OSV
OSV
added 2026/06/29 11:10 a.m.7 views

BIT-LIBPYTHON-2026-11972 tarfile opened in streaming mode mishandles EOF

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References10
OSV
OSV
added 2026/06/29 11:10 a.m.5 views

BIT-LIBPYTHON-2026-11940 tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS5.7AI score0.00613EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.9 views

EulerOS 2.0 SP15 : python3 (EulerOS-SA-2026-2466)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickli...

7.5CVSS6.7AI score0.00621EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.8 views

EulerOS 2.0 SP15 : python3 (EulerOS-SA-2026-2507)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickli...

7.5CVSS6.7AI score0.00621EPSS
Exploits0References8
OSV
OSV
added 2026/06/26 8:16 p.m.4 views

UBUNTU-CVE-2026-29509

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References2
Rows per page
Query Builder