Lucene search
K

990 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-4360

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted...

2CVSS6AI score0.00304EPSS
Exploits0References3
NVD
NVD
added 6 days ago8 views

CVE-2026-4360

In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...

2CVSS0.00304EPSS
Exploits0References7
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-4360 Tarfile.extract() doesn't fully respect filter parameter

In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...

2CVSS0.00304EPSS
Exploits0References7
CVE
CVE
added 6 days ago8 views

CVE-2026-4360

CVE-2026-4360 affects Python’s tarfile module, where TarFile.extract() fails to propagate the filter parameter for hardlinks, allowing extraction from untrusted tar archives to write files with unexpected uid/gid even when filter='data' is requested. The issue is documented in CPython commits/iss...

2CVSS5.8AI score0.00304EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-11972

A flaw was found in the Python tarfile module. When processing a specially crafted tar archive opened in 'streaming mode' mode='r|', the module does not properly handle the end-of-file EOF condition. This can cause the tarfile module to enter an infinite loop, leading to a Denial of Service DoS f...

8.2CVSS5.7AI score0.00433EPSS
Exploits0References6
OSV
OSV
added last week5 views

PYSEC-2026-259 Aim External Control of File Name or Path vulnerability

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...

9.1CVSS7.5AI score0.0081EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.7 views

EulerOS 2.0 SP15 : python3 (EulerOS-SA-2026-2507)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickli...

7.5CVSS6.7AI score0.00621EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.8 views

EulerOS 2.0 SP15 : python3 (EulerOS-SA-2026-2466)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickli...

7.5CVSS6.7AI score0.00621EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:31 p.m.5 views

CVE-2026-29509

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 7:31 p.m.6 views

EUVD-2026-39879

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References3
CVE
CVE
added 2026/06/26 7:31 p.m.11 views

CVE-2026-29509

Patool before 4.0.5 is vulnerable to a path traversal in the safe_extract() function (patoolib/programs/py_tarfile.py). The is_within_directory() helper uses character-level comparison via os.path.commonprefix(), not path-level checks, allowing a crafted archive member path to bypass containment ...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52897

Name of the Vulnerable Software and Affected Versions Patool versions prior to 4.0.5 Description A path traversal issue exists in the safe extract function within patoolib/programs/py tarfile.py when used with Python versions before 3.12. The is within directory helper function utilizes...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/24 12:30 a.m.10 views

EUVD-2026-38630

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, meaning an archive could be parsed in an infinite loop...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 11:16 p.m.11 views

CVE-2026-11972

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS0.00433EPSS
Exploits0References9
OSV
OSV
added 2026/06/23 11:16 p.m.3 views

UBUNTU-CVE-2026-11972

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/23 10:2 p.m.41 views

CVE-2026-11972 tarfile opened in streaming mode mishandles EOF

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS0.00433EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/23 10:2 p.m.6 views

CVE-2026-11972

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/23 10:2 p.m.6 views

CVE-2026-11972 tarfile opened in streaming mode mishandles EOF

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References9
OSV
OSV
added 2026/06/23 10:2 p.m.5 views

PSF-2026-31

When using the "tarfile" module with a file opened in "streaming mode" mode="r|" the tarfile module did not properly handle EOF, making archive parsing take exponentially longer...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References9
CVE
CVE
added 2026/06/23 10:2 p.m.45 views

CVE-2026-11972

CVE-2026-11972: The Python tarfile module may loop indefinitely when parsing archives opened in streaming mode (mode="r|") due to improper EOF handling. Affects the tarfile parsing path and could cause high impact availability issues; the description confirms the root cause but the connected docu...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References9
Rows per page
Query Builder