CVE-2026-39817

The CVE-2026-39817 issue concerns the Go tool chain: the go tool pack subcommand (used internally by the compiler) does not sanitize output filenames. This allows an attacker to craft a malicious archive that, when unpacked via pack, can write files to arbitrary locations on the filesystem. Repor...

seg6: separate dst_cache for input and output paths in seg6 lwtunnel

...

CVE-2026-23740

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when astcoredumper writes its gdb init and output files to a directory that is world-writable for example /tmp, an attacker with write permissionwhich is a...

CVE-2026-23740

Asterisk contains a local privilege escalation flaw: if ast_coredumper writes gdb init/output to a world-writable directory (e.g., /tmp), a local attacker with write access to that directory can cause arbitrary commands to execute as root or overwrite files by manipulating the gdb init and output...

EUVD-2021-13718

Malware in sbrugna...

SUSE CVE-2021-26936

The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations...

CVE-2021-26936

The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations...

CVE-2021-26936

The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations...

CVE-2021-26936

Technical details about CVE-2021-26936 are not publicly provided in the supplied documents. Monitor for updates; no affected products, exact root cause, impact, or remediation are explicitly detailed here.