Lucene search
+L

82 matches found

cvelist
cvelist
added 2026/06/22 2:55 p.m.37 views

CVE-2026-53655 node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

6.9CVSS0.00107EPSS
Exploits1References1
cve
cve
added 2026/06/22 2:55 p.m.65 views

CVE-2026-53655

node-tar (node-tar) before version 7.5.16 is vulnerable: it applies a PAX extended header size override to the next header entry, including intermediary L/K/x headers, which desynchronizes the stream cursor from other tar implementations. This yields a tar-parser interpretation differential (CWE-...

6.9CVSS5.9AI score0.00107EPSS
Exploits1References1Affected Software1
osv
osv
added 2026/06/22 2:55 p.m.2 views

CVE-2026-53655 node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

6.9CVSS5.9AI score0.00107EPSS
Exploits1References3
osv
osv
added 2026/06/18 2:32 p.m.3 views

SUSE-SU-2026:22160-1 Security update for unbound

This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: "Ghost domain name" variant bsc1265581. - CVE-2026-41292: Parsing a long list of...

10CVSS6.5AI score0.01272EPSS
Exploits0References23
patchstack
patchstack
added 2026/06/15 5:19 p.m.5 views

NPM: node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

NPM: node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential file smuggling vulnerability discovered by ? in WordPress Npm tar versions = 7.5.15...

6.9CVSS5.8AI score0.00107EPSS
Exploits1References2Affected Software1
github
github
added 2026/06/15 5:19 p.m.48 views

node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

Summary tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extended header x describes the next file entry, not the...

6.9CVSS5.4AI score0.00107EPSS
Exploits1References2Affected Software1
redhat
redhat
added 2026/04/28 6:40 a.m.1 views

cpython: cpython: `tarfile` module misinterprets crafted tar archives leading to data integrity issues

A flaw was found in the tarfile module of cpython. This vulnerability allows a remote attacker to craft a malicious tar archive that, when processed, could be misinterpreted by the tarfile module. This misinterpretation occurs because the module incorrectly applies normalization of AREGTYPE block...

3.3CVSS6.1AI score0.00164EPSS
Exploits0References7
nvd
nvd
added 2026/04/26 10:17 p.m.5 views

CVE-2018-25292

Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can create a malicious payload exceeding 4000 bytes and paste it into the Name input field to trigger an...

6.9CVSS0.00137EPSS
Exploits0References4
redhat
redhat
added 2026/04/10 7:25 p.m.3 views

cpython: cpython: `tarfile` module misinterprets crafted tar archives leading to data integrity issues

A flaw was found in the tarfile module of cpython. This vulnerability allows a remote attacker to craft a malicious tar archive that, when processed, could be misinterpreted by the tarfile module. This misinterpretation occurs because the module incorrectly applies normalization of AREGTYPE block...

3.3CVSS6.1AI score0.00164EPSS
Exploits0References7
euvd
euvd
added 2026/03/22 3:31 p.m.8 views

EUVD-2019-19940

Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash wh...

6.9CVSS6AI score0.00123EPSS
Exploits0References4
euvd
euvd
added 2026/03/22 3:31 p.m.6 views

EUVD-2019-19934

SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration t...

6.9CVSS6AI score0.00192EPSS
Exploits1References4
nvd
nvd
added 2026/03/22 2:16 p.m.5 views

CVE-2019-25596

SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration t...

6.9CVSS0.00192EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/03/22 1:38 p.m.4 views

CVE-2019-25599

Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash wh...

6.9CVSS6AI score0.00123EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/03/22 1:38 p.m.31 views

CVE-2019-25599 Backup Key Recovery 2.2.4 Denial of Service via Name Field

Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash wh...

6.9CVSS0.00123EPSS
Exploits0References3
cve
cve
added 2026/03/22 1:38 p.m.7 views

CVE-2019-25599

Backup Key Recovery 2.2.4 is affected by a local Denial of Service vulnerability triggered by an excessively long Name field during registration (buffer of 300+ characters). The issue is due to input handling in the Name field, leading to application crash. Connected documents confirm the vulnera...

6.9CVSS6AI score0.00123EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/03/22 1:38 p.m.5 views

CVE-2019-25599 Backup Key Recovery 2.2.4 Denial of Service via Name Field

Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash wh...

6.9CVSS6AI score0.00123EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/03/22 1:38 p.m.3 views

CVE-2019-25596

SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration t...

6.9CVSS6AI score0.00192EPSS
Exploits1References3Affected Software1
ptsecurity
ptsecurity
added 2026/03/22 12:0 a.m.6 views

PT-2026-26987

Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash wh...

6.9CVSS6AI score0.00123EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/03/22 12:0 a.m.5 views

PT-2026-26984

SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration t...

6.9CVSS6AI score0.00192EPSS
Exploits1References4
cvelist
cvelist
added 2026/03/21 12:46 p.m.28 views

CVE-2019-25554 Tomabo MP4 Converter 3.25.22 Denial of Service via Name Field

Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a large payload into the Name parameter when adding a preset i...

6.8CVSS0.00192EPSS
Exploits1References3
Rows per page
Query Builder