
277 matches found

EUVD
added 8 hours ago, 3 views

EUVD-2026-34198

ReleaseJobunpack builds jobdir = File.join@releasedir, 'jobs', name and jobtgz = File.join@releasedir, 'jobs', "name.tgz" where name returns @jobmeta'name', a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolat...

CVSS: 8.7, AI score: 5.9
Exploits: 0, References: 1
GithubExploit
added 2026/04/26 11:27 p.m., 83 views

info-security-portfolio

Information Security Portfolio A curated collection of nine e...

CVSS: 10, AI score: 7.6, EPSS: 0.94358
Exploits: 341
RedhatCVE
added 2026/04/20 1:55 p.m., 0 views

CVE-2026-40339

A flaw was found in libgphoto2, a library for camera access and control. An out-of-bounds read vulnerability exists in the ptpunpackSonyDPD function due to a missing bounds check when reading the FormFlag byte. This flaw could allow an attacker to disclose sensitive information from memory...

CVSS: 5.2, AI score: 5.6, EPSS: 0.00009
Exploits: 0, References: 5
Tenable Nessus
added 2026/04/13 12:0 a.m., 14 views

Amazon Linux 2023 : below (ALAS2023-2026-1567)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1567 advisory. tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As par...

CVSS: 8.1, AI score: 7.5, EPSS: 0.00019
Exploits: 2, References: 6
CVE
added 2026/04/01 8:36 a.m., 8 views

CVE-2026-23403

CVE-2026-23403 concerns the AppArmor memory leak in Linux kernel’s verify_header. The issue arises because a function sets *ns = NULL on every call, leaking the previously allocated namespace string across successive profile unpackings and causing namespace consistency checks to see NULL for *ns....

CVSS: 5.5, AI score: 5.8, EPSS: 0.00009
Exploits: 0, References: 8, Affected Software: 1
Positive Technologies
added 2026/04/01 12:0 a.m., 1 views

PT-2026-29486

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a memory leak in the verify header function within the AppArmor subsystem. The function incorrectly set ns to NULL on each call, leading to a memory leak of th...

CVSS: 5.5, AI score: 6.8, EPSS: 0.00009
Exploits: 0
Github Security Blog
added 2026/03/20 5:25 p.m., 6 views

tar-rs `unpack_in` can chmod arbitrary directories by following symlinks

Summary When unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00019
Exploits: 1, References: 5, Affected Software: 1
Cvelist
added 2026/03/18 10:13 p.m., 17 views

CVE-2026-32735 Unpacking Arbitrary Mustache Template Files via `maven-dependency-plugin`

openapi-to-java-records-mustache-templates allows users to generate Java Records from OpenAPI specifications. Starting in version 5.1.1 and prior to version 5.5.1, the parent POM file of this project openapi-to-java-records-mustache-templates-parent, which is used to centralize plugin...

CVSS: 2.3, EPSS: 0.00128
Exploits: 0, References: 4
RedHat Linux
added 2026/03/06 4:36 p.m., 2 views

wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking

A path traversal flaw has been discovered in the python wheel tool. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the...

CVSS: 7.1, AI score: 6.3, EPSS: 0.00015
Exploits: 2, References: 7
Broadcom
added 2026/03/03 12:0 a.m., 12 views

Pip Vulnerable to Path Traversal via Lack of Symbolic Link Validation in 'unpacking.py' File

Pip is vulnerable to path traversal due to a lack of validation for symbolic links when Pip is used with instances of python which do not implement PEP 706. This could allow a remote attacker to extract a tar file outside of the intended directory...

CVSS: 5.9, AI score: 6, EPSS: 0.00022
Exploits: 0
Tenable Nessus
added 2026/02/27 12:0 a.m., 3 views

RockyLinux 9 : munge (RLSA-2026:3034)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:3034 advisory. MUNGE: MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery CVE-2026-25506 Tenable has extracted the preceding description...

CVSS: 7.8, AI score: 6.3, EPSS: 0.00029
Exploits: 0, References: 3
EUVD
added 2026/02/25 11:34 p.m., 4 views

EUVD-2026-8778

Zed, a code editor, has an extension installer that allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor asynctar::Archive::unpack creates symlinks from the archive without validation, and the path guard writeablepathfromextension only performs lexical prefix checks without resolving...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00106
Exploits: 1, References: 1
OSV
added 2026/02/24 6:52 p.m., 5 views

RLSA-2026:3032 Important: munge security update

MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for creating and validating credentials. It is designed to be highly scalable for use in an HPC cluster environment. It allows a process to authenticate the UID and GID of another local or remote process within a group of hosts having...

CVSS: 7.7, AI score: 6, EPSS: 0.00029
Exploits: 0, References: 2
OSV
added 2026/02/23 12:0 a.m., 2 views

ALSA-2026:3033 Important: munge security update

MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for creating and validating credentials. It is designed to be highly scalable for use in an HPC cluster environment. It allows a process to authenticate the UID and GID of another local or remote process within a group of hosts having...

CVSS: 7.8, AI score: 6.2, EPSS: 0.00029
Exploits: 0, References: 4
Snyk
added 2026/02/18 5:45 p.m., 3 views

Arbitrary Code Injection

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Arbitrary Code Injection via the unzipiter function due to the lack of validation before unpacking untrusted downloaded packages. An attacker c...

CVSS: 10, AI score: 7.6, EPSS: 0.00878
Exploits: 1, References: 2
RedHat Linux
added 2026/02/18 2:25 p.m., 2 views

MUNGE: MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery

A buffer overflow vulnerability was discovered in the MUNGE authentication daemon munged. In affected versions, a local attacker can potentially leak secret cryptographic key material from the daemon's memory by sending a specially crafted message with an oversized address field. With the leaked...

CVSS: 7.8, AI score: 6, EPSS: 0.00029
Exploits: 0, References: 7
RedHat Linux
added 2026/02/18 1:25 p.m., 2 views

MUNGE: MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery

A buffer overflow vulnerability was discovered in the MUNGE authentication daemon munged. In affected versions, a local attacker can potentially leak secret cryptographic key material from the daemon's memory by sending a specially crafted message with an oversized address field. With the leaked...

CVSS: 7.8, AI score: 6, EPSS: 0.00029
Exploits: 0, References: 7
Tenable Nessus
added 2026/02/18 12:0 a.m., 2 views

RHEL 10 : python-wheel (RHSA-2026:2865)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2865 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...

CVSS: 7.1, AI score: 7.5, EPSS: 0.00015
Exploits: 2, References: 4
RedHat Linux
added 2026/02/16 10:46 a.m., 4 views

wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking

A path traversal flaw has been discovered in the python wheel tool. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the...

CVSS: 7.1, AI score: 6.3, EPSS: 0.00015
Exploits: 2, References: 7
SUSE Linux
added 2026/02/12 6:22 p.m., 4 views

Security update for munge

This update for munge fixes the following issues: CVE-2026-25506: buffer overflow in message unpacking bsc1257651. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed f...

CVSS: 7.7, AI score: 5.8, EPSS: 0.00029
Exploits: 0, References: 4