18 matches found
SUSE CVE-2026-28407
malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...
CVE-2026-28407
A flaw was found in malcontent, a software designed to discover supply-chain compromises. Prior to version 1.21.0, malcontent would remove nested archives that failed to extract, which could potentially leave malicious content unexamined. This oversight could allow an attacker to bypass security...
malcontent: Nested archive extraction failure can drop content from scan inputs
Previously, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archives so that malcontent can attempt a best-effort scan of the archive bytes. Fix:...
EUVD-2026-9078
malcontent: Nested archive extraction failure can drop content from scan inputs...
GHSA-945P-3JHM-6RCP malcontent: Nested archive extraction failure can drop content from scan inputs
Previously, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archives so that malcontent can attempt a best-effort scan of the archive bytes. Fix:...
Improper Check or Handling of Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions due to the extractNestedArchive function. An attacker can cause incomplete scanning of potentially malicious content by supplying nested archives that fail to extract. Remediation...
CVE-2026-28407
malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...
CVE-2026-28407 malcontent's nested archive extraction failure can drop content from scan inputs
malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...
CVE-2026-28407 malcontent's nested archive extraction failure can drop content from scan inputs
malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...
CVE-2026-28407
malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...
CVE-2026-28407
malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...
CVE-2026-28407
CVE-2026-28407 affects malcontent (software for supply‑chain analysis). Prior to version 1.21.0, it could drop or discard nested archives that failed to extract, potentially omitting content from scans. The root cause is the removal of nested archives during processing. Version 1.21.0 fixes the i...
CVE-2026-28407 malcontent's nested archive extraction failure can drop content from scan inputs
malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...
PT-2026-22408
Name of the Vulnerable Software and Affected Versions malcontent versions prior to 1.21.0 Description malcontent is software designed for identifying supply-chain compromises using context, differential analysis, and YARA. Before version 1.21.0, the software removed nested archives that failed to...
malcontent 安全漏洞
Malcontent is a supply chain attack detection tool developed by Chainguard. Versions of Malcontent prior to 1.21.0 contained a security vulnerability. This vulnerability stemmed from the deletion of nested archives that failed to extract data, potentially leaving malicious content behind...
CVE-2025-65806
The E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handles nested archive files. An attacker can upload a nested ZIP a ZIP containing another ZIP where the inner archive contains an executable file e.g. webshell.php. When the application extracts the uploaded archives, the executabl...
Pandora 输入验证错误漏洞
Pandora is an analysis framework for finding out if a file is suspicious and displaying the results conveniently. A security vulnerability exists in Pandora version 1.3.0, which stems from the fact that workers/extractor.py allows denial of service when an attacker submits a deeply nested ZIP...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
log4j-finder A Python3 script to scan the filesystem to find...