113 matches found
BIT-PYTHON-MIN-2026-4360 Tarfile.extract() doesn't fully respect filter parameter
In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...
CVE-2026-4360
In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It’s possible to cause the allocation length to overflow with a specially crafted tar file, resulti...
CVE-2026-3219
pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...
SUSE-SU-2026:20134-1 Security update for busybox
This update for busybox fixes the following issues: Security fixes: - CVE-2025-60876: HTTP request header injection in wget bsc1253245. - CVE-2025-46394: Fixed tar hidden files via escape sequence bsc1241661. Other fixes: - Set CONFIGFIRSTSYSTEMID to 201 to avoid confclict bsc1236670 - Fix unshar...
CVE-2026-23644
esm.sh is a no-build content delivery network CDN for web development. Prior to Go pseeudoversion 0.0.0-20260116051925-c62ab83c589e, the software has a path traversal vulnerability due to an incomplete fix. path.Clean normalizes a path but does not prevent absolute paths in a malicious tar file...
PT-2026-3403
Name of the Vulnerable Software and Affected Versions esm.sh versions prior to 0.0.0-20260116051925-c62ab83c589e Description esm.sh is a content delivery network for web development. Versions prior to pseudoversion 0.0.0-20260116051925-c62ab83c589e contain a path traversal issue. The issue stems...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality [CVE-2025-59343]
Summary Node.js module tar-fs is used by IBM App Connect Enterprise Certified Container for processing tar files and streams. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...
EUVD-2008-7103
Malware in sbrugna...
EUVD-2006-1327
Malware in sbrugna...
EUVD-2009-1269
Malware in sbrugna...
EUVD-2021-25568
Malware in sbrugna...
EUVD-2025-6946
Malicious code in bioql PyPI...
EUVD-2025-7031
Malicious code in bioql PyPI...
EUVD-2024-1952
Malicious code in bioql PyPI...
GHSA-VJ76-C3G6-QR5V tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
Impact v3.1.0, v2.1.3, v1.16.5 and below Patches Has been patched in 3.1.1, 2.1.4, and 1.16.6 Workarounds You can use the ignore option to ignore non files/directories. js ignore , header // pass files & directories, ignore e.g. symlinks return header.type !== 'file' && header.type !== 'directory...
Linux Distros Unpatched Vulnerability : CVE-2024-7776
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the downloadmodel function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to...
Vim has path traversial issue with tar.vim and special crafted tar files
...
Path Traversal
Aim is vulnerable to Path Traversal. The vulnerability is due to missing path validation due to the extraction of crafted backup tar files in the restorerunbackup function without validating file paths, allowing remote attackers to write arbitrary files to the server's filesystem...
CVE-2025-53905
CVE-2025-53905 affects Vim where, prior to version 9.1.1552, the tar.vim plugin is vulnerable to a path traversal in crafted tar archives. This can allow overwriting arbitrary files when a user opens such archives; exploitation is feasible only with user interaction. Affected behavior includes po...