CVE-2026-23949 jaraco.context Has a Path Traversal Vulnerability

jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the jaraco.context.tarball function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract file...

CVE-2026-23949

jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the jaraco.context.tarball function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract file...

CVE-2026-23949

CVE-2026-23949 affects the Python package jaraco.context. The vulnerability is a Zip Slip path traversal in the jaraco.context.tarball() function, present in versions 5.2.0 up to, but not including, 6.1.0. The issue arises from how paths are split by strip_first_component, which can allow travers...

MiracleLinux 7 : binutils-2.27-44.base.el7.1 (AXSA:2021-2508:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2508:04 advisory. Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 The following changes were introduced ...

MiracleLinux 8 : xmlrpc-c-1.51.0-5.el8.1 (AXSA:2022-3167:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3167:01 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25235 Tenable has extracted the preceding description block...

MiracleLinux 9 : less-590-2.el9 (AXSA:2023-6105:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6105:01 advisory. less: crafted data can result in less -R not filtering ANSI escape sequences sent to the terminal CVE-2022-46663 Tenable has extracted the preceding...

MiracleLinux 7 : glibc-2.17-322.el7 (AXSA:2021-1374:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1374:01 advisory. glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding CVE-2019-25013 glibc: stack corruption fr...

MiracleLinux 8 : firefox-91.7.0-3.el8.ML.1 (AXSA:2022-3095:06)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3095:06 advisory. Mozilla: Use-after-free in XSLT parameter processing CVE-2022-26485 Mozilla: Use-after-free in WebGPU IPC Framework CVE-2022-26486 expat: Malformed ...

MiracleLinux 8 : mingw-expat-2.4.8-1.el8 (AXSA:2022-4252:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4252:02 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25235 expat: Namespace-separator characters in...

MiracleLinux 8 : binutils-2.30-108.el8.1 (AXSA:2022-2955:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-2955:01 advisory. Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 The following changes were introduced ...

MiracleLinux 7 : pcs-0.9.169-3.el7.3 (AXSA:2022-4104:06)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4104:06 advisory. rubygem-rack: crafted requests can cause shell escape sequences CVE-2022-30123 jquery: Prototype pollution in object's prototype leading to denial o...

MiracleLinux 8 : expat-2.2.5-4.el8.3 (AXSA:2022-3114:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3114:01 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25235 expat: Namespace-separator characters in...

MiracleLinux 4 : glibc-2.12-1.212.3.1.AXS4 (AXSA:2021-1437:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1437:03 advisory. glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding CVE-2019-25013 glibc: stack corruption fr...

MiracleLinux 7 : expat-2.1.0-14.el7 (AXSA:2022-3129:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3129:02 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25235 expat: Namespace-separator characters in...

Linux Distros Unpatched Vulnerability : CVE-2026-23949

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the...

MiracleLinux 8 : grub2-2.02-142.el8.1.ML.1 (AXSA:2023-4726:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4726:01 advisory. grub2: Buffer overflow in grubfontconstructglyph can lead to out-of-bound write and possible secure boot bypass CVE-2022-2601 grub2: Heap based...

MiracleLinux 9 : grub2-2.06-46.el9.3.ML.1 (AXSA:2023-5114:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5114:03 advisory. grub2: Buffer overflow in grubfontconstructglyph can lead to out-of-bound write and possible secure boot bypass CVE-2022-2601 grub2: Heap based...

MiracleLinux 7 : firefox-91.7.0-3.0.1.el7.AXS7 (AXSA:2022-3096:07)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3096:07 advisory. Mozilla: Use-after-free in XSLT parameter processing CVE-2022-26485 Mozilla: Use-after-free in WebGPU IPC Framework CVE-2022-26486 expat: Malformed ...

MiracleLinux 8 : python-cryptography-3.2.1-4.el8 (AXSA:2021-2026:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2026:02 advisory. python-cryptography: bleichenbacher timing oracle attack against RSA decryption CVE-2020-25659 python-cryptography: certain sequences of update call...

MiracleLinux 8 : gcc-toolset-11-annobin-9.85-1.el8.1, gcc-toolset-11-binutils-2.36.1-1.el8.1, gcc-toolset-11-gcc-11.2.1-1.2.el8 (AXSA:2021-2882:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2882:01 advisory. Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 The following changes were introduced ...