
471 matches found

RedHat Linux
added 3 days ago, 3 views

perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access

A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to...

9.1 CVSS, 5.9 AI score, 0.0043 EPSS
Exploits 0, References 7

RedHat Linux
added 3 days ago, 5 views

Important: Red Hat Security Advisory: perl-Archive-Tar security update

An update for perl-Archive-Tar is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.1 CVSS, 6 AI score, 0.0043 EPSS
Exploits 0, References 2

OSV
added 3 days ago, 5 views

RHSA-2026:30856 Red Hat Security Advisory: perl-Archive-Tar security update

Bulletin has no description...

8.2 CVSS, 5.7 AI score, 0.0043 EPSS
Exploits 0, References 10

OSV
added 3 days ago, 7 views

RHSA-2026:30852 Red Hat Security Advisory: perl-Archive-Tar security update

Bulletin has no description...

8.2 CVSS, 5.7 AI score, 0.0043 EPSS
Exploits 0, References 10

RedHat Linux
added 3 days ago, 5 views

perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access

A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to...

9.1 CVSS, 5.9 AI score, 0.0043 EPSS
Exploits 0, References 7

RedHat Linux
added 3 days ago, 7 views

perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access

A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to...

9.1 CVSS, 5.9 AI score, 0.0043 EPSS
Exploits 0, References 7

RedHat Linux
added 3 days ago, 7 views

Important: Red Hat Security Advisory: perl-Archive-Tar security update

An update for perl-Archive-Tar is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

9.1 CVSS, 6 AI score, 0.0043 EPSS
Exploits 0, References 2

Tenable Nessus
added 3 days ago, 7 views

RHEL 8 : perl:5.32 (RHSA-2026:30851)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:30851 advisory. Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fixes:...

9.1 CVSS, 6.5 AI score, 0.0043 EPSS
Exploits 2, References 6

Tenable Nessus
added 3 days ago, 6 views

RockyLinux 8 : perl:5.32 (RLSA-2026:30851)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:30851 advisory. perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access CVE-2026-42496 perl-IO-Compress: perl-IO-Compress:...

9.1 CVSS, 6.4 AI score, 0.0043 EPSS
Exploits 2, References 5

RedHat Linux
added 2026/06/25 11:0 a.m., 4 views

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

4.3 CVSS, 7.1 AI score, 0.00419 EPSS
Exploits 0, References 8

RedHat Linux
added 2026/06/25 9:3 a.m., 4 views

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

4.3 CVSS, 7.1 AI score, 0.00419 EPSS
Exploits 0, References 8

Tenable Nessus
added 2026/06/25 12:0 a.m., 5 views

RHCOS 4 : OpenShift Container Platform 4.13.68 (RHSA-2026:26541)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26541 advisory. - golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 - golang: net/url: Memory exhaustion in quer...

10 CVSS, 7.2 AI score, 0.01945 EPSS
Exploits 4, References 14

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in php-pear

In ArchiveTar before version 1.4.14, symlinks can reference targets outside of the extracted archive. This is a separate vulnerability from CVE-2020-36193...

7.1 CVSS, 7.1 AI score, 0.73377 EPSS
Exploits 0, References 2

OSV
added 2026/06/12 12:28 p.m., 6 views

OESA-2026-2678 perl-Archive-Tar security update

Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support...

9.1 CVSS, 5.3 AI score, 0.0043 EPSS
Exploits 0, References 2

Amazon
added 2026/06/08 12:0 a.m., 9 views

Important: perl-Archive-Tar

Issue Overview: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check tha...

9.1 CVSS, 5.4 AI score, 0.00437 EPSS
Exploits 0

Amazon
added 2026/06/08 12:0 a.m., 10 views

Important: perl-Archive-Tar

Issue Overview: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check tha...

9.1 CVSS, 5.5 AI score, 0.00437 EPSS
Exploits 0

Tenable Nessus
added 2026/06/08 12:0 a.m., 6 views

Amazon Linux 2023 : perl-Archive-Tar, perl-Archive-Tar-tests (ALAS2023-2026-1805)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1805 advisory. Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink witho...

9.1 CVSS, 5.6 AI score, 0.00437 EPSS
Exploits 0, References 8

Tenable Nessus
added 2026/06/08 12:0 a.m., 19 views

Amazon Linux 2 : perl-Archive-Tar, --advisory ALAS2-2026-3347 (ALAS-2026-3347)

The version of perl-Archive-Tar installed on the remote host is prior to 1.92-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3347 advisory. Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extractio...

9.1 CVSS, 5.6 AI score, 0.00437 EPSS
Exploits 0, References 8

RedhatCVE
added 2026/06/05 7:46 p.m., 8 views

CVE-2026-42497

A flaw was found in perl-Archive-Tar. This vulnerability allows an attacker to craft a malicious tar archive that, when extracted, can create hardlinks to arbitrary files outside the intended extraction directory. This could lead to the modification of sensitive files on the system, potentially...

7.5 CVSS, 5.5 AI score, 0.00417 EPSS
Exploits 0, References 6

RedHat Linux
added 2026/06/03 4:14 p.m., 17 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.20.24 packages and security update

Red Hat OpenShift Container Platform release 4.20.24 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a...

7.8 CVSS, 5.8 AI score, 0.0138 EPSS
Exploits 6, References 2