Lucene search
K

680 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-15028

A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...

3.9CVSS0.00203EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-15028

A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...

3.9CVSS6.2AI score0.00203EPSS
Exploits0References6
CVE
CVE
added 3 days ago10 views

CVE-2026-15028

In libarchive, CVE-2026-15028 describes a heap overflow triggered while parsing a tar archive’s PAX extended header with a malformed SUN.holesdata sparse-file attribute. The vulnerability is exploitable remotely to cause DoS or potentially arbitrary code execution on affected systems. The root ca...

3.9CVSS6.2AI score0.00203EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-42865

A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...

3.9CVSS6.2AI score0.00203EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-15028 Libarchive: heap overflow oob read while parsing a tar archive contains a pax extended header

A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...

3.9CVSS0.00203EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 3 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-15028

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue...

3.9CVSS6.3AI score0.00203EPSS
Exploits0References3
NVD
NVD
added 5 days ago16 views

CVE-2026-59874

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly parsing the same header. This issue is fixed in version 7.5.18...

8.7CVSS0.00358EPSS
Exploits1References3
NVD
NVD
added 2026/07/01 5:16 p.m.9 views

CVE-2026-57516

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...

8.8CVSS0.00493EPSS
Exploits1References5
CVE
CVE
added 2026/07/01 4:36 p.m.21 views

CVE-2026-57516

Ray prior to 2.56.0 is affected via the WebDataset reader flaw in which _default_decoder() deserializes tar entries using pickle.loads for .pkl/.pickle and torch.load for .pt/.pth, enabling remote code execution inside Ray remote workers when processing a malicious tar archive. Affected component...

8.8CVSS6.6AI score0.00493EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/30 2:45 p.m.8 views

CVE-2026-4360 Tarfile.extract() doesn't fully respect filter parameter

In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...

2CVSS5.8AI score0.00235EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/25 3:26 p.m.7 views

CVE-2026-48945 Joomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26

The K2 article gallery upload path accepts a zip/tar archive, extracts it under /media/k2/galleries//, and only renames image files gif/jpg/jpeg/png/webp to safe names — non-image files including .php are extracted as-is and remain executable via direct HTTP access...

5.8AI score0.00197EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in busybox

A flaw was discovered in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by creating a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead...

7CVSS7.1AI score0.0016EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 2:17 p.m.12 views

CVE-2026-54417

An integer overflow in the mtarnext function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service uncontrolled CPU consumption / infinite loop via a crafted tar archive. mtarnext computes the offset to the next record as rounduph.size, 512 +...

8.7CVSS0.00417EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 1:25 p.m.31 views

CVE-2026-54417 Integer Overflow in rxi/microtar mtar_next() Causes Infinite Loop DoS

An integer overflow in the mtarnext function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service uncontrolled CPU consumption / infinite loop via a crafted tar archive. mtarnext computes the offset to the next record as rounduph.size, 512 +...

8.7CVSS0.00417EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.27 views

PT-2026-49604

Name of the Vulnerable Software and Affected Versions Buildah versions prior to 1.43.2 Buildah versions prior to 1.44 Podman versions prior to 5.8.3 Description When processing build contexts or add/copy instructions, a malicious server serving a Git repository or a tar archive file can cause fil...

6.3CVSS5.8AI score
Exploits0References12
CVE
CVE
added 2026/06/12 10:16 p.m.27 views

CVE-2026-6676

CVE-2026-6676 is a heap-based out-of-bounds write in Avira Antivirus engine when scanning a malformed POSIX tar archive. Affects Windows, macOS, and Linux engine builds prior to 8.3.27.12. It may enable local code execution or cause a denial-of-service of the antivirus engine process. The descrip...

7.8CVSS5.6AI score0.00122EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 10:16 p.m.9 views

CVE-2026-6676 Avira antivirus engine heap buffer OOB write when scanning a malformed POSIX tar archive

Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before...

7.8CVSS5.7AI score0.00122EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 3:20 p.m.13 views

EEF-CVE-2026-49755 Decompression bomb DoS in Req via auto-decoded archive and compressed response bodies

Summary Improper Handling of Highly Compressed Data Data Amplification vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb response bodies. Req's default response pipeline includes Req.Steps.decode\body/1 and...

8.2CVSS5.5AI score0.00438EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.11 views

TencentOS Server 4: perl-Archive-Tar (TSSA-2026:0424)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0424 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

9.1CVSS5.6AI score0.0043EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.8 views

CVE-2026-46383

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes. When apm install is given a...

5.5CVSS5.5AI score0.0061EPSS
Exploits0References1
Rows per page
Query Builder