7 matches found
DEBIAN-CVE-2026-4360
In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...
USN-8467-1: Perl vulnerabilities
It was discovered that Perl's Archive::Tar module incorrectly handled symlink and hardlink targets during extraction. An attacker could use this issue to read or overwrite arbitrary files outside the extraction directory. CVE-2026-42496 It was discovered that Perl had a heap buffer overflow when...
EUVD-2019-0484
Malware in sbrugna...
EUVD-2019-0483
Malware in sbrugna...
CVE-2018-20835
A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the...
Important: git
Issue Overview: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a...
SUSE-SU-2019:2078-1 Security update for nodejs4
This update for nodejs4 fixes the following issues: - CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter bsc1140290...