Lucene search

88 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in tar

In GNU tar before version 1.35, mishandling of extension attributes in a PAX archive can cause the application to crash in xheader.c...

CVSS 6.2 | AI score 6.3 | EPSS 0.00283
Exploits: 0 | References: 1

Tenable Nessus
added 2026/06/09 12:0 a.m. | 6 views

EulerOS 2.0 SP11 : libarchive (EulerOS-SA-2026-2210)

According to the versions of the libarchive packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data processing...

CVSS 7.5 | AI score 7.2 | EPSS 0.00693
Exploits: 0 | References: 2

RedhatCVE
added 2026/06/05 7:47 p.m. | 6 views

CVE-2026-9538

Archive::Tar versions before 3.10 for Perl allow memory exhaustion via an attacker-controlled entry size field in the tar header. _read_tar reads each entry's payload with $handle->read($$data, $block), where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that...

CVSS 7.5 | AI score 5.5 | EPSS 0.00437
Exploits: 0 | References: 1

ATTACKERKB
added 2026/06/05 3:56 p.m. | 5 views

CVE-2026-48104

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely populated index array. In the SquashFS handler, blockToNode is allocated with capacity for every metadata block but populated...

CVSS 4.2 | AI score 5.5 | EPSS 0.00179
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2026/06/05 12:0 a.m. | 8 views

decompress security vulnerability

Decompress is a file decompression tool personally developed by Kevin Mårtensson. Decompress has a security vulnerability; this vulnerability arises when decompressing a ZIP archive that contains two entries with the same path. Due to issues with the order of micro-task processing, arbitrary file...

CVSS 6.4 | AI score 5.5 | EPSS 0.00431
Exploits: 0 | References: 3

ATTACKERKB
added 2026/06/04 11:5 p.m. | 6 views

CVE-2026-11195

Inappropriate implementation in MHTML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

AI score 5.8 | EPSS 0.0019
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2026/05/11 12:0 a.m. | 7 views

Debian dla-4576 : p7zip - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4576 advisory. Debian LTS Advisory DLA-4576-1...

CVSS 8.4 | AI score 7.1 | EPSS 0.7104
Exploits: 15 | References: 22

UbuntuCve
added 2026/05/06 7:16 p.m. | 12 views

CVE-2026-8012

Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Chromium security severity: Low...

CVSS 5.4 | AI score 5.9 | EPSS 0.00139
Exploits: 0 | References: 1

CNNVD
added 2026/05/05 12:0 a.m. | 9 views

Google Chrome cross-site scripting vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 had a cross-site scripting vulnerability. This vulnerability stemmed from improper implementation of MHTML, and it could allow remote attackers to inject arbitrary scripts or HTML through...

CVSS 5.4 | AI score 5.8 | EPSS 0.00139
Exploits: 0 | References: 3

Cvelist
added 2026/04/23 8:39 p.m. | 31 views

CVE-2026-6941 radare2 < 6.1.4 Project Notes Path Traversal via Symlink

radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a...

CVSS 6.9 | EPSS 0.00198
Exploits: 1 | References: 3

Github Security Blog
added 2026/04/20 6:31 p.m. | 13 views

pip has an interpretation conflict due to handling both concatenated tar and ZIP files as ZIP files

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

CVSS 4.6 | AI score 5.2 | EPSS 0.00144
Exploits: 0 | References: 6 | Affected Software: 1

EUVD
added 2026/04/20 6:31 p.m. | 3 views

EUVD-2026-23866

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

CVSS 4.6 | AI score 5.7 | EPSS 0.00144
Exploits: 0 | References: 3

OSV
added 2026/04/20 2:7 p.m. | 5 views

OPENSUSE-SU-2026:20571-1 Security update for go1.26

This update for go1.26 fixes the following issues:
- Update to version go1.26.2 (bsc#1255111).
- CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653).
- CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654).
- CVE-2026-27144:...

CVSS 9.8 | AI score 5.9 | EPSS 0.00536
Exploits: 0 | References: 21

OSV
added 2026/04/16 9:14 p.m. | 8 views

GHSA-HF5P-Q87M-CRJ7 Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix

Summary: A path traversal vulnerability in LocalFolderExtractor allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Example: Given an extraction directory set to /tmp/extract, a crafted archive with an entry...

CVSS 5.9 | AI score 5.9 | EPSS 0.00318
Exploits: 0 | References: 5

OSV
added 2026/04/07 10:53 p.m. | 4 views

GO-2026-4869 Unbounded allocation for old GNU sparse in archive/tar

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...

CVSS 5.5 | AI score 5.8 | EPSS 0.0029
Exploits: 0 | References: 3

EUVD
added 2026/04/06 6:33 p.m. | 2 views

EUVD-2026-19317

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...

CVSS 5 | AI score 5.9 | EPSS 0.0043
Exploits: 1 | References: 3

ATTACKERKB
added 2026/04/06 3:17 p.m. | 3 views

CVE-2026-5704

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...

CVSS 5 | AI score 5.9 | EPSS 0.0043
Exploits: 1 | References: 3

OSV
added 2026/03/27 12:7 p.m. | 5 views

RLSA-2026:5063 Important: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

CVSS 7.5 | AI score 5.9 | EPSS 0.00693
Exploits: 0 | References: 2

GithubExploit
added 2026/03/14 4:19 p.m. | 116 views

BatiRaR

BatiRaR PoC...

AI score 5.8
Exploits: 0

OSV
added 2026/02/26 11:53 a.m. | 3 views

OPENSUSE-SU-2026:20273-1 Security update for 7zip

This update for 7zip fixes the following issues: - Update to 25.01 (boo#1249130). The code for handling symbolic links has been changed to provide greater security when extracting files from archives. Command line switch -snld20 can be used to bypass default security checks when creating symbolic link...

CVSS 7.5 | AI score 6 | EPSS 0.00635
Exploits: 2 | References: 5