SUSE SLES15 Security Update : munge (SUSE-SU-2026:0450-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:0450-1 advisory. - CVE-2026-25506: buffer overflow in message unpacking bsc1257651. - Make logrotate work on munge log as user munge. This prevents a local privilege...

SUSE-SU-2026:0451-1 Security update for munge

This update for munge fixes the following issues: - CVE-2026-25506: buffer overflow in message unpacking bsc1257651...

Security update for munge

This update for munge fixes the following issues: CVE-2026-25506: buffer overflow in message unpacking bsc1257651. Make logrotate work on munge log as user munge. This prevents a local privilege escalation bsc1246088. Patch Instructions: To install this SUSE update use the SUSE recommended...

SUSE-SU-2026:0450-1 Security update for munge

This update for munge fixes the following issues: - CVE-2026-25506: buffer overflow in message unpacking bsc1257651. - Make logrotate work on munge log as user munge. This prevents a local privilege escalation bsc1246088...

SUSE-SU-2026:0448-1 Security update for munge

This update for munge fixes the following issues: - CVE-2026-25506: buffer overflow in message unpacking bsc1257651. - Make logrotate work on log as user munge to prevent local privilege escalation bsc1246088...

Security update for munge

This update for munge fixes the following issues: CVE-2026-25506: buffer overflow in message unpacking bsc1257651. Make logrotate work on log as user munge to prevent local privilege escalation bsc1246088. Patch Instructions: To install this SUSE update use the SUSE recommended installation metho...

CVE-2026-25506 MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

MiracleLinux 9 : python3.12-wheel-0.41.2-3.el9_7.1 (AXSA:2026-150:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-150:01 advisory. wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking CVE-2026-24049 Tenable has extracted the preceding descripti...

RLSA-2026:1902 Important: python-wheel security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking

A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the...

python3.12-wheel security update

An update is available for python3.12-wheel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

RLSA-2026:1939 Important: python3.12-wheel security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

RHEL 10 : python-wheel (RHSA-2026:1902)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1902 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...

wheel -- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx reports: wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.46.1 and below, the unpack function is vulnerable to file permission modification through mishandling of file...

PT-2026-3917

Name of the Vulnerable Software and Affected Versions wheel versions 0.40.0 through 0.46.1 Description The 'wheel' package, a tool for manipulating Python wheel files, contains a flaw in the unpack function. This flaw allows for file permission modification through mishandling of file permissions...

GO-2026-4278 HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration in github.com/hashicorp/nomad

HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration in github.com/hashicorp/nomad...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a missing unpacking jump in error handling that could lead to a null pointer dereference...

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the unpack function during the artifact extraction due to the lack of header.Name validation in the said function. An attacker can create or overwrite arbitrary files within system directories by supplying a...

EUVD-2018-8239

Malware in sbrugna...

EUVD-2019-11342

Malware in sbrugna...