Lucene search
K

280 matches found

RedHat Linux
RedHat Linux
added 2026/06/29 6:18 p.m.4 views

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

6.2CVSS7AI score0.00388EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 8:57 p.m.5 views

USN-8477-1 tar vulnerability

It was discovered that tar incorrectly handled certain crafted archive files. An attacker could possibly use this to inject hidden files with attacker-controlled content, bypassing pre-extraction inspection mechanisms...

5.5CVSS5.8AI score0.0043EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53655

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next head...

6.9CVSS6.1AI score0.00107EPSS
Exploits1References4
OSV
OSV
added 2026/06/22 4:16 p.m.3 views

DEBIAN-CVE-2026-53655

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

5.5CVSS5.9AI score0.00107EPSS
Exploits1References1
OSV
OSV
added 2026/06/22 4:16 p.m.3 views

UBUNTU-CVE-2026-53655

node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extend...

6.9CVSS5.9AI score0.00107EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:48 p.m.5 views

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

9.3CVSS5.9AI score0.00445EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:11 p.m.4 views

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

8.9CVSS7.4AI score0.00534EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:11 p.m.4 views

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

9.8CVSS7.4AI score0.00812EPSS
Exploits1Affected Software2
Snyk
Snyk
added 2026/06/15 5:19 p.m.7 views

Interpretation Conflict

Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Interpretation Conflict due to improper handling of PAX extended header size overrides in intermediary metadata headers. An attacker can cause inconsistent archive parsing results...

6.9CVSS5.3AI score0.00107EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 3:24 p.m.8 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.9.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.9.tgz Vulnerability Details CVEID:CVE-2026-29786 DESCRIPTION: node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory ...

8.6CVSS6.1AI score0.00408EPSS
Exploits2Affected Software1
OSV
OSV
added 2026/06/09 12:51 p.m.4 views

SUSE-SU-2026:2313-1 Security update for vim

This update for vim fixes the following issues - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes bsc1261833. - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim...

7.8CVSS7.9AI score0.00917EPSS
Exploits1References14
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.12 views

Node.js Module node-tar < 7.5.10 Arbitrary File Overwrite

The version of node-tar installed on the remote host is prior to 7.5.10. It is, therefore, affected by a vulnerability: - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a...

8.6CVSS6.2AI score0.00408EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.49 views

Node.js Module node-tar < 7.5.11 Arbitrary File Overwrite

The version of node-tar installed on the remote host is prior to 7.5.11. It is, therefore, affected by a vulnerability: - node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a...

8.2CVSS6.4AI score0.00253EPSS
Exploits4References2
RedHat Linux
RedHat Linux
added 2026/06/03 12:58 p.m.20 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.43 security and extras update

Red Hat OpenShift Container Platform release 4.18.43 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of...

9.8CVSS7.6AI score0.01735EPSS
Exploits3References9
Mageia
Mageia
added 2026/06/02 5:23 a.m.17 views

Updated tar packages fix security vulnerability

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...

5.5CVSS5.7AI score0.0043EPSS
Exploits1References4
OSV
OSV
added 2026/06/01 10:42 a.m.8 views

SUSE-SU-2026:21880-1 Security update for vim

This update for vim fixes the following issues - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim bsc1264706. - CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile via crafted filename bsc1265349. -...

7CVSS6AI score0.00917EPSS
Exploits1References12
OSV
OSV
added 2026/05/29 4:3 p.m.24 views

RLSA-2026:18480 Important: linux-sgx security update

The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++. Security Fixes: qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-ta...

8.8CVSS7.2AI score0.01535EPSS
Exploits5References6
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.13 views

RockyLinux 9 : linux-sgx (RLSA-2026:18868)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:18868 advisory. qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-tar: Arbitrary file overwrite and symlink...

8.8CVSS7AI score0.01535EPSS
Exploits5References11
RedHat Linux
RedHat Linux
added 2026/05/27 8:55 a.m.28 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.32 security and extras update

Red Hat OpenShift Container Platform release 4.19.32 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a security impact of...

9.8CVSS6.9AI score0.01735EPSS
Exploits3References9
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.36 views

Linux Distros Unpatched Vulnerability : CVE-2026-42497

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar...

7.5CVSS5.9AI score0.00417EPSS
Exploits0References4
Rows per page
Query Builder