CVE-2026-24846 malcontent's archive extraction could write outside extraction directory

malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or deb archive. The...

DEBIAN-CVE-2025-38034

In the Linux kernel, the following vulnerability has been resolved: btrfs: correct the order of prelimref arguments in btrfsprelimref btrfsprelimref calls the old and new reference variables in the incorrect order. This causes a NULL pointer dereference because oldref is passed as NULL to...

The vulnerability of the PowerScale OneFS operating system, related to calling a function with an intentionally incorrect argument, allows attackers to disclose sensitive information that should be protected.

The vulnerability of the PowerScale OneFS operating system lies in the execution of a function with an intentionally incorrect argument. Exploiting this vulnerability allows a remote attacker to disclose sensitive information that is protected by the system’s security measures...