301 matches found
mariadb: mbstream: Unauthorized file creation via path traversal
A flaw was found in MariaDB's mbstream utility. This vulnerability allows a highly privileged local attacker, who can provide a specially crafted archive, to create files outside of the intended target directory. This is due to mbstream not properly validating paths containing directory traversal...
mariadb: mbstream: Unauthorized file creation via path traversal
A flaw was found in MariaDB's mbstream utility. This vulnerability allows a highly privileged local attacker, who can provide a specially crafted archive, to create files outside of the intended target directory. This is due to mbstream not properly validating paths containing directory traversal...
mariadb: mbstream: Unauthorized file creation via path traversal
A flaw was found in MariaDB's mbstream utility. This vulnerability allows a highly privileged local attacker, who can provide a specially crafted archive, to create files outside of the intended target directory. This is due to mbstream not properly validating paths containing directory traversal...
CVE-2026-14164
A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filteredbuf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: AppArmor: A memory leak was fixed in the verifyheader function. The function sets ns = NULL on every call, causing a memory leak for the namespace string allocated in previous iterations when multiple profiles are unpacked. This...
CVE-2026-44171
A flaw was found in MariaDB's mbstream utility. This vulnerability allows a highly privileged local attacker, who can provide a specially crafted archive, to create files outside of the intended target directory. This is due to mbstream not properly validating paths containing directory traversal...
BIT-MYSQL-CLIENT-2026-44171 MariaDB: path traversal in mbstream
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contai...
BIT-MARIADB-MIN-2026-44171 MariaDB: path traversal in mbstream
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contai...
BIT-MARIADB-2026-44171 MariaDB: path traversal in mbstream
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contai...
CVE-2026-44171
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contai...
ALPINE-CVE-2026-44171
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contai...
EUVD-2026-36516
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contai...
CVE-2026-44171 MariaDB: path traversal in mbstream
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contai...
CVE-2026-44171 MariaDB: path traversal in mbstream
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contai...
CVE-2026-44171
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contai...
CVE-2026-44171
CVE-2026-44171 describes a path traversal vulnerability in MariaDB’s mbstream during archive extraction. Affected releases are MariaDB server branches: 10.6.1–10.6.25, 10.11.1–10.11.16, 11.4.1–11.4.10, 11.8.1–11.8.6, and 12.3.1. A crafted archive could cause mbstream to create files outside the i...
EUVD-2026-34198
ReleaseJobunpack builds jobdir = File.join@releasedir, 'jobs', name and jobtgz = File.join@releasedir, 'jobs', "name.tgz" where name returns @jobmeta'name', a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolat...
Linux Distros Unpatched Vulnerability : CVE-2026-46254
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or userspace and 8-byte alignment isn't always guaranteed and a...
info-security-portfolio
Information Security Portfolio A curated collection of nine e...
CVE-2026-40339
A flaw was found in libgphoto2, a library for camera access and control. An out-of-bounds read vulnerability exists in the ptpunpackSonyDPD function due to a missing bounds check when reading the FormFlag byte. This flaw could allow an attacker to disclose sensitive information from memory...