Interpretation Conflict

Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Interpretation Conflict due to improper handling of PAX extended header size overrides in intermediary metadata headers. An attacker can cause inconsistent archive parsing results...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.9.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.9.tgz Vulnerability Details CVEID:CVE-2026-29786 DESCRIPTION: node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory ...

SUSE-SU-2026:2313-1 Security update for vim

This update for vim fixes the following issues - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes bsc1261833. - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim...

Node.js Module node-tar < 7.5.10 Arbitrary File Overwrite

The version of node-tar installed on the remote host is prior to 7.5.10. It is, therefore, affected by a vulnerability: - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a...

Node.js Module node-tar < 7.5.11 Arbitrary File Overwrite

The version of node-tar installed on the remote host is prior to 7.5.11. It is, therefore, affected by a vulnerability: - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.43 security and extras update

Red Hat OpenShift Container Platform release 4.18.43 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of...

Updated tar packages fix security vulnerability

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...

SUSE-SU-2026:21880-1 Security update for vim

This update for vim fixes the following issues - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim bsc1264706. - CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile via crafted filename bsc1265349. -...

RLSA-2026:18480 Important: linux-sgx security update

The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++. Security Fixes: qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-ta...

RockyLinux 9 : linux-sgx (RLSA-2026:18868)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:18868 advisory. qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-tar: Arbitrary file overwrite and symlink...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.32 security and extras update

Red Hat OpenShift Container Platform release 4.19.32 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a security impact of...

Linux Distros Unpatched Vulnerability : CVE-2026-42497

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar...

EUVD-2026-31777

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

Linux Distros Unpatched Vulnerability : CVE-2026-9538

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. readtar reads each entry's payload wi...

archive-tar-new 安全漏洞

archive-tar-new is a Perl module developed by Jos Boumans, used for creating and manipulating tar files in memory. Versions of archive-tar-new prior to version 3.10 contained security vulnerabilities. These vulnerabilities stemmed from the readtar function, which did not set an upper limit when...

Astra Linux - уязвимость в tar

In the sparse.c file of GNU Tar, before version 1.32, there was a NULL pointer dereferencing issue when parsing certain archives that contained malformed extended headers...

node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the...

node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check

A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink...

node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the path-reservations system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially...

ALSA-2026:18480 Important: linux-sgx security update

The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++. Security Fixes: qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-ta...