216 matches found
ROOT-APP-NPM-CVE-2026-31802 CVE-2026-31802 in @rootio/tar - Patched by Root
Root has patched CVE-2026-31802 in the @rootio/tar package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-23745 CVE-2026-23745 in @rootio/tar - Patched by Root
Root has patched CVE-2026-23745 in the @rootio/tar package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-24842 CVE-2026-24842 in @rootio/tar - Patched by Root
Root has patched CVE-2026-24842 in the @rootio/tar package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2024-28863 CVE-2024-28863 in @rootio/tar - Patched by Root
Root has patched CVE-2024-28863 in the @rootio/tar package for Root:npm. Multiple fixed versions available...
MGASA-2026-0168 Updated tar packages fix security vulnerability
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...
SUSE: Security Advisory (SUSE-SU-2026:1177-1)
The remote host is missing an update for the...
openSUSE Security Advisory (SUSE-SU-2026:1177-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-8138-1)
The remote host is missing an update for the...
Huawei EulerOS: Security Advisory for tar (EulerOS-SA-2026-1299)
The remote host is missing an update for the Huawei EulerOS...
Directory Traversal
Overview: org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Directory Traversal via the extract function. An attacker can read or write files outside the intended extraction directory by causing the application to extract a malicious archiv...
Directory Traversal
Overview: tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Directory Traversal via processing of hardlinks. An attacker can read or overwrite arbitrary files on the file system by crafting a malicious TAR archive that bypasses path traversal protections...
Directory Traversal
Overview: org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Directory Traversal via processing of hardlinks. An attacker can read or overwrite arbitrary files on the file system by crafting a malicious TAR archive that bypasses path travers...
Fedora 44 : tar (2026-0895af5ebe)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0895af5ebe advisory. Automatic update for tar-1.35-8.fc44. Changelog Wed Jan 21 2026 Pavel Cahyna - 2:1.35-8 - Backport upstream fix for savannah bug 65838, commit 1e6ce98e...
Improper Handling of Unicode Encoding
Overview: org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in Path Reservations via Unicode Sharp-S (ß) Collisions on macOS APFS. An attacker can overwrite arbitrary files by exploiting Unicode...
MiracleLinux 9 : tar-1.34-6.el9 (AXSA:2023-5176:02)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-5176:02 advisory. tar: heap buffer overflow at from_header in list.c via specially crafted checksum (CVE-2022-48303). Tenable has extracted the preceding description block directl...
MiracleLinux 8 : tar-1.30-6.el8.1 (AXSA:2023-5142:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-5142:01 advisory. tar: heap buffer overflow at from_header in list.c via specially crafted checksum (CVE-2022-48303). Tenable has extracted the preceding description block directl...
Directory Traversal
Overview: org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of the linkpath parameter during archive extraction. An attacker can overwrite arbitrary files or create malicious symbolic links ...
Directory Traversal
Overview: tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of the linkpath parameter during archive extraction. An attacker can overwrite arbitrary files or create malicious symbolic links by crafting a ta...
EUVD-2020-14699
Malware in sbrugna...
EUVD-2017-0237
Malware in sbrugna...