11 matches found
EulerOS 2.0 SP13 : libarchive (EulerOS-SA-2026-2294)
According to the versions of the libarchive packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing...
CVE-2026-8012
An inappropriate implementation flaw was found in the MHTML component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496628298...
PT-2026-26727
OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...
GHSA-R92C-9C7F-3PJ8 OpenTofu has High CPU usage in "tofu init" with maliciously-crafted module packages in .zip format
Impact Unauthenticated denial of service. Summary When installing module packages from attacker-controlled sources, tofu init may cause high CPU usage when encountering maliciously-crafted .zip archives for either provider or module distribution packages. Those who depend on modules or providers...
Huawei EulerOS: Security Advisory for busybox (EulerOS-SA-2026-1042)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2025:4487-1 Security update for python36
This update for python36 fixes the following issues: - CVE-2025-6075: quadratic complexity in os.path.expandvars can lead to performance degradation when values passed to it are user-controlled bsc1252974. - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory EOCD record...
TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution
Cybersecurity researchers have disclosed details of a high-severity flaw impacting the popular async-tar Rust library and its forks, including tokio-tar, that could result in remote code execution under certain conditions. The vulnerability, tracked as CVE-2025-62518 CVSS score: 8.1, has been...
Linux Distros Unpatched Vulnerability : CVE-2018-10115
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a...
Medium: python26
Issue Overview: A CRLF injection flaw was discovered in python in the way URLs are handled when doing an HTTP/HTTPS connection e.g. through urlopen or HTTPConnection. An attacker who can control the url parameter passed to urlopen method in the urllib/urllib2 modules can inject CRLF sequences and...
GHSA-3C67-GC48-983W Path Traversal in Ansible
An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file with...
UBUNTU-CVE-2016-10160
Off-by-one error in the pharparsepharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service memory corruption or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch...