338 matches found
EUVD-2025-37038
node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...
CVE-2025-64118
node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...
CVE-2025-64118 node-tar vulnerable to race condition leading to uninitialized memory exposure
node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...
node-tar has a race condition leading to uninitialized memory exposure
Summary Using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. Details See: https://github.com/isaacs/node-tar/issues/445 https://github.com/isaacs/node-tar/pull/446 Regression happene...
GHSA-29XP-372Q-XQPH node-tar has a race condition leading to uninitialized memory exposure
Summary Using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. Details See: https://github.com/isaacs/node-tar/issues/445 https://github.com/isaacs/node-tar/pull/446 Regression happene...
node-tar security vulnerability
node-tar is a package for file compression/decompression by the individual developer isaacs. A security vulnerability exists in node-tar version 7.5.1, which stems from the return of uninitialized memory contents when reading the contents of a tar entry using .t, which could lead to information...
PT-2025-44446
Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.2 Description node-tar is a Tar for Node.js. When using the .t also known as .list function with the sync: true option to read tar entry contents, uninitialized memory contents may be returned if the tar file is...
EUVD-2021-1849
Malware in sbrugna...
EUVD-2021-1856
Malware in sbrugna...
EUVD-2019-0468
Malware in sbrugna...
EUVD-2024-0909
Malicious code in bioql PyPI...
Debian: Security Advisory (DLA-4313-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian: Security Advisory (DSA-6013-1)
The remote host is missing an update for the Debian...
Linux Distros Unpatched Vulnerability : CVE-2025-59343
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination...
[SECURITY] [DLA 4313-1] node-tar-fs security update
From: Xavier Guimard [email protected] To: [email protected] Subject: SECURITY DLA 4313-1 node-tar-fs security update Debian LTS Advisory DLA-4313-1 [email protected]...
[SECURITY] [DSA 6013-1] node-tar-fs security update
Debian Security Advisory DSA-6013-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 28, 2025 https://www.debian.org/security/faq ...
Debian dla-4313 : node-tar-fs - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4313 advisory. [email protected] Subject: SECURITY DLA 4313-1 node-tar-fs security update Debian...
DSA-6013-1 node-tar-fs - security update
Bulletin has no description...
Debian dsa-6013 : node-tar-fs - security update
The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6013 advisory. Debian Security Advisory DSA-6013-1 [email protected] https://www.debian.org/security/...
DLA-4313-1 node-tar-fs - security update
Bulletin has no description...