CVE-2026-44931
A flaw was found in malcontent. The newly introduced RecordUsage D-Bus method in malcontent-timerd allows any user on the system to slowly consume disk space in the /var/lib/malcontent-timerd directory. This can lead to a Denial of Service (DoS) by exhausting available disk resources,...
Linux Distros Unpatched Vulnerability : CVE-2026-44931
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The newly introduced RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c in...
EUVD-2026-29921
The newly introduced RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c in malcontent-timerd allows arbitrary users in the system to slowly fill up disk space in /var/lib/malcontent-timerd...
CVE-2026-44931
The newly introduced RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c in malcontent-timerd allows arbitrary users in the system to slowly fill up disk space in /var/lib/malcontent-timerd...
CVE-2026-44931 malcontent: Disk Space Exhaustion via Globally Accessible D-Bus API
The newly introduced RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c in malcontent-timerd allows arbitrary users in the system to slowly fill up disk space in /var/lib/malcontent-timerd...
CVE-2026-44931
CVE-2026-44931 affects malcontent-timerd. The newly added RecordUsage D-Bus method in libmalcontent-timer/child-timer-service.c (0.14.0) allows arbitrary system users to slowly exhaust disk space at /var/lib/malcontent-timerd. Metrics show local attack vector with no privileges required and no us...
malcontent security vulnerability
Malcontent is a supply chain attack detection tool developed by Chainguard. Malcontent has a security vulnerability, which stems from the RecordUsage D-Bus method allowing arbitrary users to slowly fill the disk space in the /var/lib/malcontent-timerd directory...
PT-2026-40587
Name of the Vulnerable Software and Affected Versions: malcontent version 0.14.0. Description: A D-Bus method RecordUsage in malcontent-timerd allows arbitrary system users to exhaust disk space in the /var/lib/malcontent-timerd directory. Recommendations: At the moment, there is no information about...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: aws-load-balancer-controller, spire-server, newrelic-k8s-metadata-injection, dbmate, goreleaser, oras, polaris, dgraph, temporal, stakater-reloader, envoy-ratelimit, flux-image-automation-controller, malcontent, tailscale, kubewatch, nova, grafana-rollout-operator,...
CVE-2026-32285 vulnerabilities
Vulnerabilities for packages: terragrunt, kubevela, goreleaser, k8sgpt, nfpm, dgraph, malcontent, opentelemetry-collector, tempo, grafana, grafana-alloy, minio, loki, k3s, cri-tools, dagger, rclone, terraform-mcp-server, nuclei, gitlab-runner, lazygit, opentelemetry-collector-contrib, redpanda,...
SUSE CVE-2026-28407
malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract, which could potentially leave malicious content. A better approach is to preserve these archiv...
GO-2026-4583 malcontent: Error-path cleanup gap can leak scanners and fds and degrade availability in github.com/chainguard-dev/malcontent
malcontent: Error-path cleanup gap can leak scanners and fds and degrade availability in github.com/chainguard-dev/malcontent...
GO-2026-4577 malcontent: Nested archive extraction failure can drop content from scan inputs in github.com/chainguard-dev/malcontent
malcontent: Nested archive extraction failure can drop content from scan inputs in github.com/chainguard-dev/malcontent...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper cleanup in error paths within resource extraction and scanning processes. An attacker can degrade system availability by causing resource leaks and exhausting file...
CVE-2026-28407
A flaw was found in malcontent, a software designed to discover supply-chain compromises. Prior to version 1.21.0, malcontent would remove nested archives that failed to extract, which could potentially leave malicious content unexamined. This oversight could allow an attacker to bypass security...
malcontent: Nested archive extraction failure can drop content from scan inputs
Previously, malcontent would remove nested archives which failed to extract, which could potentially leave malicious content. A better approach is to preserve these archives so that malcontent can attempt a best-effort scan of the archive bytes. Fix:...
GHSA-945P-3JHM-6RCP malcontent: Nested archive extraction failure can drop content from scan inputs
Previously, malcontent would remove nested archives which failed to extract, which could potentially leave malicious content. A better approach is to preserve these archives so that malcontent can attempt a best-effort scan of the archive bytes. Fix:...