24 matches found
Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (April 2026 - Part 1 of 2)
Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-23949 DESCRIPTION: jaraco.context, an open-source software package that...
Ubuntu: Security Advisory (USN-7979-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2026:20139-1)
The remote host is missing an update for the...
SUSE SLES16 Security Update : python-jaraco.context (SUSE-SU-2026:20139-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:20139-1 advisory. - CVE-2026-23949: Fixed malicious tar archives may lead to path traversal (bsc#1256954). Tenable has extracted the preceding description block...
openSUSE 16 Security Update : python-jaraco.context (openSUSE-SU-2026:20095-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20095-1 advisory. - CVE-2026-23949: Fixed malicious tar archives may lead to path traversal (bsc#1256954). Tenable has extracted the preceding description block directly fro...
SUSE-SU-2026:20139-1 Security update for python-jaraco.context
This update for python-jaraco.context fixes the following issues: - CVE-2026-23949: Fixed malicious tar archives may lead to path traversal (bsc#1256954)...
SUSE CVE-2026-23949
jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the jaraco.context.tarball function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract file...
CVE-2026-23949 jaraco.context Has a Path Traversal Vulnerability
jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the jaraco.context.tarball function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract file...
CVE-2026-23949
CVE-2026-23949 affects the Python package jaraco.context. The vulnerability is a Zip Slip path traversal in the jaraco.context.tarball() function, present in versions 5.2.0 up to, but not including, 6.1.0. The issue arises from how paths are split by strip_first_component, which can allow travers...
Linux Distros Unpatched Vulnerability : CVE-2026-23949
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the...
afipcaeqrdecode (=0.0.15), afw (>=0.0.6 <=0.0.21) +209 more potentially affected by CVE-2026-23949 via jaraco-context (>=5.3.0 <=6.0.2)
jaraco-context PYPI version =5.3.0, =0.0.6, =0.1.0, =0.1.23, =0.0.1, =0.9.5, =1.0.5, =0.1.6, =0.1.0, =0.0.2, =0.1.2, =1.0.1, =1.0.1.9 - azvaultcopy =1.0.0b1 and more Source cves: CVE-2026-23949 Source advisory: OSV:GHSA-58PV-8J8X-9VJ2...
CVE-2026-23949
creationtimestamp | type | source
---|---|---
2026-01-13 02:50:10+00:00 | published-proof-of-concept | https://github.com/jaraco/jaraco.context/security/advisories/GHSA-58pv-8j8x-9vj2
2026-01-20 01:50:30+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mct265xpal2i
2026-01-20...
CVE-2025-23949
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dzeriho Improved Sale Badges – Free Version improved-sale-badges-free-version allows PHP Local File Inclusion. This issue affects Improved Sale Badges – Free Version: from n/a...
CVE-2025-23949 WordPress Improved Sale Badges – Free Version Plugin <= 1.0.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dzeriho Improved Sale Badges – Free Version improved-sale-badges-free-version allows PHP Local File Inclusion. This issue affects Improved Sale Badges – Free Version: from n/a...
CVE-2024-23949
Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability concerns the...
CVE-2024-23949
CVE-2024-23949 affects libigl v2.5.0, specifically the readMSH/file parsing path: igl::MshLoader::parse_node_field when handling an ascii/.msh file. The root cause is improper array index validation, leading to an out-of-bounds write with a specially crafted .msh file. No explicit remediation or ...
SUSE CVE-2022-23949
In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar...
CVE-2023-23949
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser...
CVE-2023-23949
CVE-2023-23949 is described across multiple sources as a client-side cross-site scripting vulnerability triggered by an authenticated user supplying malicious HTML/JavaScript, leading to code execution in the victim’s browser. Connected document detail confirms the affected product is Symantec Id...
CVE-2022-23949
creationtimestamp | type | source
---|---|---
2022-09-21 22:41:35+00:00 | seen | https://t.me/cibsecurity/50234...