Lucene search

16953 matches found

OSV | added 2025/11/06 12:58 p.m. | 3 views

BIT-GOLANG-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

CVSS 4.3 | AI score 6.4 | EPSS 0.00374 | Exploits 0 | References 6
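The allocation this entry describes is fed by whatever io.Reader the archive arrives on: tar.Reader accumulates the sparse map from bytes it pulls from its source, so a cap on that stream is an application-side bound that holds even on a toolchain without the fix (patched Go releases add an internal cap of their own). The following Go program is an added example for this page, not code from the Go project or from any of the listed advisories; budgetReader, ListEntries and makeGzipTar are names chosen here, and the archives are built in memory as constructed sample input. The budget sits after decompression, because that is where a small attacker-controlled upload turns into a large stream.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// ErrArchiveTooLarge is returned once the decompressed stream exceeds the budget.
var ErrArchiveTooLarge = errors.New("tar: decompressed archive exceeds byte budget")

// budgetReader hands out at most `remaining` bytes from r. Placed between the
// decompressor and tar.Reader, it bounds everything tar.Reader can accumulate,
// sparse maps included, by the budget instead of by what the archive claims.
type budgetReader struct {
	r         io.Reader
	remaining int64
}

func (b *budgetReader) Read(p []byte) (int, error) {
	if b.remaining <= 0 {
		// Budget spent: a stream that ends exactly here is fine, one that
		// still has bytes is over budget.
		var probe [1]byte
		if _, err := io.ReadFull(b.r, probe[:]); err == io.EOF {
			return 0, io.EOF
		} else if err != nil {
			return 0, err
		}
		return 0, ErrArchiveTooLarge
	}
	if int64(len(p)) > b.remaining {
		p = p[:b.remaining]
	}
	n, err := b.r.Read(p)
	b.remaining -= int64(n)
	return n, err
}

// ListEntries reads a gzip-compressed tar stream and returns "name (size bytes)"
// per entry, refusing to pull more than maxDecompressed bytes out of gzip.
func ListEntries(gz []byte, maxDecompressed int64) ([]string, error) {
	zr, err := gzip.NewReader(bytes.NewReader(gz))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	tr := tar.NewReader(&budgetReader{r: zr, remaining: maxDecompressed})
	var entries []string
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return entries, nil
		} else if err != nil {
			return entries, err
		}
		entries = append(entries, fmt.Sprintf("%s (%d bytes)", hdr.Name, hdr.Size))
		// Drain the body through the same budget so file contents count too.
		if _, err := io.Copy(io.Discard, tr); err != nil {
			return entries, err
		}
	}
}

type sampleFile struct {
	name string
	data []byte
}

// makeGzipTar builds a gzip-compressed tar archive in memory (constructed sample input).
func makeGzipTar(files []sampleFile) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	tw := tar.NewWriter(zw)
	for _, f := range files {
		hdr := &tar.Header{Name: f.name, Mode: 0o644, Size: int64(len(f.data))}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		tw.Write(f.data)
	}
	tw.Close()
	zw.Close()
	return buf.Bytes()
}

func main() {
	const budget = 64 << 10 // 64 KiB of decompressed tar data is plenty for the sample
	small := makeGzipTar([]sampleFile{{"hello.txt", []byte("hi\n")}})
	fmt.Println(ListEntries(small, budget))
	// 4 MiB of zeros gzips to a few KiB: a small upload, a large decompressed stream.
	bomb := makeGzipTar([]sampleFile{{"zeros.bin", make([]byte, 4<<20)}})
	fmt.Printf("compressed: %d bytes\n", len(bomb))
	_, err := ListEntries(bomb, budget)
	fmt.Println("bounded read:", err)
}
```

The second sample is 4 MiB of zeros that gzip shrinks to a few KiB; with a 64 KiB budget ListEntries stops with ErrArchiveTooLarge instead of draining the stream, and a budget above the decompressed size lets the same archive through. Size the budget from what the application actually needs to hold, never from the compressed upload size.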
Tenable Nessus | added 2025/11/05 12:00 a.m. | 1 view

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989583)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989583 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer. Prior to LLVM 15.0.0, LLVM's...

CVSS 5.5 | AI score 6 | EPSS 0.0024 | Exploits 0 | References 4
OSV | added 2025/11/04 4:13 p.m. | 5 views

MGASA-2025-0256 Updated golang packages fix security vulnerabilities

Insufficient validation of bracketed IPv6 hostnames in net/url (CVE-2025-47912). Unbounded allocation when parsing GNU sparse map in archive/tar (CVE-2025-58183). Parsing DER payload can cause memory exhaustion in encoding/asn1 (CVE-2025-58185). Lack of limit when parsing cookies can cause memory...

CVSS 7.5 | AI score 6.6 | EPSS 0.00573 | Exploits 0 | References 3
OSV | added 2025/11/03 3:23 p.m. | 2 views

JLSEC-2025-197 GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a c...

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...

CVSS 4.1 | AI score 6.9 | EPSS 0.00433 | Exploits 1 | References 6
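The two-step attack in this entry works against any extractor that trusts a path once it looks like it stays under the destination, so the check worth showing is one that closes both steps. The following Go program is an added example written for this page, not code from GNU Tar or from the advisory; safeTarget, Extract and tarOf are names chosen here, and the archives, the destination and the directory standing in for the advisory's critical directory are constructed in a temporary tree. Step one (a symlink entry whose target leaves the destination) is refused lexically; step two (a file routed through a link that a permissive tool has already planted) is refused because the longest existing prefix of every target path is resolved with filepath.EvalSymlinks and compared against the destination's real location before anything is written.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

var ErrPathEscape = errors.New("tar: entry escapes destination")
func withinDir(root, path string) bool { // both cleaned, both absolute or both relative
	rel, err := filepath.Rel(root, path)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}
// safeTarget maps an entry name to a path under dest, refusing it if the lexical path escapes dest
// or if the longest already-existing prefix of that path, with symlinks resolved, lies outside
// dest's real location. That second check is what defeats a planted symlink.
func safeTarget(dest, name string) (string, error) {
	target := filepath.Join(dest, name) // Join cleans, so "x/../../y" is normalised first
	if !withinDir(dest, target) {
		return "", fmt.Errorf("%w: %q", ErrPathEscape, name)
	}
	existing := target // climb to the nearest existing component; missing ones cannot be symlinks
	for _, err := os.Lstat(existing); err != nil && existing != filepath.Clean(dest); _, err = os.Lstat(existing) {
		existing = filepath.Dir(existing)
	}
	realDest, err := filepath.EvalSymlinks(dest)
	resolved, err2 := filepath.EvalSymlinks(existing)
	if err = errors.Join(err, err2); err == nil && !withinDir(realDest, resolved) {
		err = fmt.Errorf("%w: %q resolves to %s", ErrPathEscape, name, resolved)
	}
	return target, err
}
// Extract unpacks directories, regular files and in-tree symlinks under dest.
func Extract(archive []byte, dest string) error {
	tr := tar.NewReader(bytes.NewReader(archive))
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return nil
		} else if err != nil {
			return err
		}
		target, err := safeTarget(dest, hdr.Name)
		if err != nil {
			return err
		}
		if err = os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
			return err
		}
		switch hdr.Typeflag {
		case tar.TypeDir:
			err = os.MkdirAll(target, 0o755)
		case tar.TypeReg:
			var f *os.File
			if f, err = os.OpenFile(target, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, os.FileMode(hdr.Mode)&0o777); err == nil {
				_, err = io.Copy(f, tr)
				f.Close()
			}
		case tar.TypeSymlink: // checked lexically; a chain through a planted link fails in safeTarget later
			if filepath.IsAbs(hdr.Linkname) || !withinDir(dest, filepath.Join(filepath.Dir(target), hdr.Linkname)) {
				return fmt.Errorf("%w: symlink %q -> %q", ErrPathEscape, hdr.Name, hdr.Linkname)
			}
			err = os.Symlink(hdr.Linkname, target)
		default: // hard links, devices and the rest are refused rather than silently skipped
			err = fmt.Errorf("tar: unsupported entry type %q in %q", hdr.Typeflag, hdr.Name)
		}
		if err != nil {
			return err
		}
	}
}

// tarOf builds a one-entry archive in memory (constructed sample input, write errors ignored).
func tarOf(hdr tar.Header, data string) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	hdr.Size = int64(len(data))
	tw.WriteHeader(&hdr)
	tw.Write([]byte(data))
	tw.Close()
	return buf.Bytes()
}

// main replays the advisory's two steps: archive 1 is refused; its link is then planted by hand, as a
// permissive tool would leave it, and archive 2 is refused because it would write through that link.
func main() {
	root, _ := os.MkdirTemp("", "demo-*") // root stands in for the advisory's critical directory
	defer os.RemoveAll(root)
	dest := filepath.Join(root, "dest")
	os.Mkdir(dest, 0o755)
	err := Extract(tarOf(tar.Header{Name: "escape", Typeflag: tar.TypeSymlink, Linkname: ".."}, ""), dest)
	fmt.Println("archive 1:", err)
	os.Symlink("..", filepath.Join(dest, "escape")) // step 1 as a permissive extractor would leave it
	err = Extract(tarOf(tar.Header{Name: "escape/passwd", Typeflag: tar.TypeReg, Mode: 0o644}, "x\n"), dest)
	fmt.Println("archive 2:", err)
}
```

A lexical check alone passes archive 2, since "escape/passwd" appears to land in the destination; only resolving the existing prefix exposes the planted link. Links that stay inside the destination are accepted, so an entry can still overwrite another file inside it through such a link, which is within the same trust boundary. The example resolves paths and then writes without holding the directory open, so a process that can write into the destination concurrently could still race it; for that threat model extract into a fresh directory nobody else can write to, or use openat-style file descriptors.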
RedhatCVE | added 2025/11/03 1:51 p.m. | 2 views

CVE-2025-58183

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

CVSS 7.5 | AI score 5.8 | EPSS 0.00374 | Exploits 0 | References 7
Apple | added 2025/11/03 12:00 a.m. | 1143 views

About the security content of Xcode 26.1

About the security content of Xcode 26.1 This document describes the security content of Xcode 26.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

CVSS 8.8 | AI score 7.1 | EPSS 0.00305 | Exploits 0 | References 1 | Affected software 1
Apple | added 2025/11/03 12:00 a.m. | 35 views

About the security content of Xcode 26.1

About the security content of Xcode 26.1 This document describes the security content of Xcode 26.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

CVSS 8.8 | AI score 6 | EPSS 0.00305 | Exploits 0 | References 1 | Affected software 1
AstraLinux | added 2025/11/01 10:54 a.m. | 1 view

Astra Linux – Vulnerability in tar

A vulnerability in the extract_file function of the GNU Tar archiver allows data to be read beyond the bounds of a buffer. A remote attacker exploiting it can cause a denial of service...

CVSS 5.5 | AI score 5.5 | Exploits 0 | References 2
AstraLinux | added 2025/11/01 10:54 a.m. | 2 views

Astra Linux – Vulnerability in gnutls28

A heap buffer overflow (off-by-one) was discovered in GnuTLS in the template parsing logic of the certtool utility. When certtool reads certain settings from a template file, an attacker can trigger an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption a...

CVSS 8.2 | AI score 6.5 | EPSS 0.0072 | Exploits 0 | References 3
OSV | added 2025/10/31 2:13 p.m. | 2 views

OESA-2025-2569 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes, or what another program was doing at the moment it crashed. Security Fixes: A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the...

CVSS 7.8 | AI score 7.1 | EPSS 0.0023 | Exploits 1 | References 2
OSV | added 2025/10/31 2:13 p.m. | 3 views

OESA-2025-2568 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes, or what another program was doing at the moment it crashed. Security Fixes: A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the...

CVSS 7.8 | AI score 7.1 | EPSS 0.0023 | Exploits 1 | References 2
OSV | added 2025/10/31 2:13 p.m. | 4 views

OESA-2025-2567 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes, or what another program was doing at the moment it crashed. Security Fixes: A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the...

CVSS 7.8 | AI score 7.1 | EPSS 0.0023 | Exploits 1 | References 2
Microsoft CVE | added 2025/10/31 8:04 a.m. | 2 views

Unbounded allocation when parsing GNU sparse map in archive/tar

...

CVSS 5.5 | AI score 7 | EPSS 0.00374 | Exploits 0
SUSE CVE | added 2025/10/31 12:35 a.m. | 1 view

SUSE CVE-2025-10934

GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

CVSS 7.8 | AI score 7.6 | EPSS 0.00391 | Exploits 0 | References 8
Tenable Nessus | added 2025/10/30 12:00 a.m. | 5 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : GNU binutils vulnerabilities (USN-7847-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7847-1 advisory. It was discovered that GNU binutils incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or...

CVSS 7.8 | AI score 6.7 | EPSS 0.00619 | Exploits 9 | References 12
OpenVAS | added 2025/10/30 12:00 a.m. | 2 views

Ubuntu: Security Advisory (USN-7847-1)

The remote host is missing an update for GNU binutils announced via the USN-7847-1 advisory.

CVSS 7.8 | AI score 6.8 | EPSS 0.00619 | Exploits 9 | References 2
OSV | added 2025/10/29 11:16 p.m. | 5 views

AZL-69302 CVE-2025-58183 affecting package moby-engine for versions less than 25.0.3-14

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

CVSS 4.3 | AI score 7 | EPSS 0.00374 | Exploits 0 | References 1
NVD | added 2025/10/29 11:16 p.m. | 4 views

CVE-2025-58183

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

CVSS 4.3 | EPSS 0.00374 | Exploits 0 | References 5
OSV | added 2025/10/29 11:16 p.m. | 4 views

AZL-69200 CVE-2025-58183 affecting package gh for versions less than 2.62.0-10

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

CVSS 4.3 | AI score 7 | EPSS 0.00374 | Exploits 0 | References 1
OSV | added 2025/10/29 11:16 p.m. | 3 views

AZL-69251 CVE-2025-58183 affecting package golang 1.26.0-1

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

CVSS 4.3 | AI score 7 | EPSS 0.00374 | Exploits 0 | References 1