Lucene search
K

120 matches found

NVD
NVD
added 2026/06/22 4:16 p.m.9 views

CVE-2026-53655

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

6.9CVSS0.00107EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49577

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.16 Description An interpretation differential exists in how the software parses tar archives. The issue occurs because the library applies a PAX extended header's size= record and other PAX overrides to the next...

6.9CVSS5.8AI score0.00107EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/06/04 2:26 a.m.9 views

CVE-2026-41011

PackagePersister.validatetgz builds "tar -tf tgz 2&1" where tgz = File.joinreleasedir, 'packages', "name.tgz" and name = packagemeta'name' comes directly from release.MF inside the uploaded tarball. The string is passed to Bosh::Common::Exec.sh, which executes via %x — i.e., /bin/sh -c. No...

8.7CVSS5.8AI score0.00116EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/27 4:14 a.m.4 views

SUSE CVE-2023-42503

Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can create a malformed...

5.5CVSS6.8AI score0.00489EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.12 views

RockyLinux 9 : image-builder (RLSA-2026:1377)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:1377 advisory. golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 Tenable has extracted the preceding description block directly from the...

4.3CVSS5.8AI score0.00419EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2026/05/21 4:30 p.m.16 views

image-builder security update

An update is available for image-builder. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list A local binary for building customized OS artifacts such as VM images...

4.3CVSS5.8AI score0.00419EPSS
Exploits0
OSV
OSV
added 2026/05/21 4:30 p.m.19 views

RLSA-2026:1837 Moderate: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: golang:...

7.5CVSS7.2AI score0.00419EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.19 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python3 (SUSE-SU-2026:1715-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1715-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined...

9.1CVSS6.9AI score0.00621EPSS
Exploits1References31
SUSE Linux
SUSE Linux
added 2026/05/06 12:10 p.m.9 views

Security update for python3

This update for python3 fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969...

9.1CVSS6.7AI score0.00621EPSS
Exploits1References40
OSV
OSV
added 2026/05/06 12:9 p.m.6 views

SUSE-SU-2026:1715-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. -...

9.1CVSS6.1AI score0.00621EPSS
Exploits1References21
OSV
OSV
added 2026/05/04 7:44 p.m.8 views

GHSA-67WX-R9XR-X75X Incus has Unbounded YAML Metadata Decode via Parsing

Summary User provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provide a crafted image or backup tarball that when parsed by Incus would lead to a very large YAML document being loaded int...

5.3CVSS5.7AI score0.00269EPSS
Exploits1References4
OSV
OSV
added 2026/05/04 7:38 p.m.7 views

GHSA-FWJ8-62R8-8P8M Incus has Nil-Pointer Dereference via S3 Bucket Import

Summary Missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. Details It was found that TransferManager.UploadAllFiles iterates over tar entries but only checks for io.EOF from tr.Next. When tr.Next...

6.5CVSS5.7AI score0.00394EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.11 views

PT-2026-37137

Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Missing error handling in the TransferManager.UploadAllFiles function allows an authenticated user to cause a daemon crash. The issue occurs during the import of a truncated or corrupted storage bucket...

6.5CVSS5.9AI score0.00394EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.86 views

RHCOS 4 : OpenShift Container Platform 4.21.1 (RHSA-2026:2082)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:2082 advisory. - golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 Note that Nessus has not tested for this issue but has...

4.3CVSS5.9AI score0.00419EPSS
Exploits0References5
OSV
OSV
added 2026/04/23 4:38 p.m.9 views

SUSE-SU-2026:1580-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: - Update to go1.26.2 bsc1255111. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. - CVE-2026-27144:...

9.8CVSS5.6AI score0.00658EPSS
Exploits0References22
OSV
OSV
added 2026/04/20 2:2 p.m.8 views

OPENSUSE-SU-2026:20570-1 Security update for go1.25

This update for go1.25 fixes the following issues: - Update to version go1.25.9 bsc1244485. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. - CVE-2026-27144:...

9.8CVSS5.8AI score0.00658EPSS
Exploits0References19
OSV
OSV
added 2026/04/20 1:54 p.m.11 views

SUSE-SU-2026:21355-1 Security update for go1.25

This update for go1.25 fixes the following issues: - Update to version go1.25.9 bsc1244485. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. - CVE-2026-27144:...

9.8CVSS5.7AI score0.00658EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.8 views

SUSE SLES15: libpython3_10-1_0 / libpython3_10-1_0-32bit / python310 / etc (SUSE-SU-2026:1376-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1376-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to...

7.5CVSS6.7AI score0.00621EPSS
Exploits0References16
SUSE Linux
SUSE Linux
added 2026/04/16 4:41 p.m.10 views

Security update for python

This update for python fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. CVE-2026-3479: improper resource argument validation can allow path traversal bsc1259989. CVE-2026-3644: incomplete control characte...

8.2CVSS5.8AI score0.00621EPSS
Exploits0References20
OSV
OSV
added 2026/04/16 1:30 p.m.5 views

SUSE-SU-2026:21254-1 Security update for python311

This update for python311 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. - CVE-2026-3479: improper resource argument validation in pkgutil.getdata can lead to pa...

7.5CVSS4.7AI score0.00621EPSS
Exploits0References11
Rows per page
Query Builder