Lucene search

64 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 5 views

Astra Linux - vulnerability in linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't free qgroup space unless specified Boris noticed in his simple quotas testing that he was getting a leak with Sweet Tea's change to subvol create that stopped doing a transaction commit. This was just a side effect o...

AI score 5.6 | EPSS 0.0004
Exploits 0 | References 1

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerability has been resolved: btrfs: The BUG function is removed after failing to insert a delayed directory index entry. Instead of calling BUG when we fail to insert a delayed directory index entry into the delayed node’s tree, we can simply release all the...

CVSS 5.5 | AI score 6.1 | EPSS 0.00015
Exploits 0 | References 2

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in linux, linux-5.10, linux-5.15

A flaw was discovered in the exFAT driver of the Linux kernel. The vulnerability resides in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long...

CVSS 6.7 | AI score 6.7 | EPSS 0.00066
Exploits 1 | References 2

SUSE CVE
added 2026/02/20 12:24 a.m. | 1 views

SUSE CVE-2026-25500

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the javascript: scheme e.g. javascript:alert1, the...

CVSS 5.4 | AI score 6.4 | EPSS 0.00025
Exploits 1 | References 3

Tenable Nessus
added 2026/02/19 12:0 a.m. | 3 views

Ruby Rack < 2.2.22 / 3.0.0.beta1 < 3.1.20 / 3.2.0 < 3.2.5 Multiple Vulnerabilities

The version of the Rack Ruby library installed on the remote host is prior to 2.2.22, 3.x prior to 3.1.20, or 3.2.x prior to 3.2.5. It is, therefore, affected by multiple vulnerabilities: - Rack::Directory’s path check used a string prefix match on the expanded path. A request like...

CVSS 7.5 | AI score 6.5 | EPSS 0.00123
Exploits 2 | References 4

NVD
added 2026/02/18 8:18 p.m. | 3 views

CVE-2026-25500

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the javascript: scheme e.g. javascript:alert1, the...

CVSS 5.4 | EPSS 0.00025
Exploits 1 | References 2

OSV
added 2026/02/18 8:18 p.m. | 0 views

UBUNTU-CVE-2026-25500

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the javascript: scheme e.g. javascript:alert1, the...

CVSS 5.4 | AI score 6.4 | EPSS 0.00025
Exploits 1 | References 4

OSV
added 2026/02/18 6:59 p.m. | 3 views

CVE-2026-25500 Rack's Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the javascript: scheme e.g. javascript:alert1, the...

CVSS 5.4 | AI score 5.5 | EPSS 0.00025
Exploits 1 | References 4

NVD
added 2026/01/23 9:15 p.m. | 5 views

CVE-2025-52024

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...

CVSS 9.4 | EPSS 0.00054
Exploits 0 | References 2

Vulnrichment
added 2026/01/23 12:0 a.m. | 3 views

CVE-2025-52024

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...

AI score 6 | EPSS 0.00054
Exploits 0 | References 2

OSV
added 2025/12/24 1:7 p.m. | 1 views

CVE-2023-54158 btrfs: don't free qgroup space unless specified

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't free qgroup space unless specified Boris noticed in his simple quotas testing that he was getting a leak with Sweet Tea's change to subvol create that stopped doing a transaction commit. This was just a side effect o...

AI score 6.1 | EPSS 0.0004
Exploits 0 | References 10

Tenable Nessus
added 2025/10/29 12:0 a.m. | 2 views

Siemens SIMATIC Devices Stack-based Buffer Overflow (CVE-2023-4273)

This vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stac...

CVSS 6.7 | AI score 6.8 | EPSS 0.00066
Exploits 1 | References 5

CNNVD
added 2025/10/22 12:0 a.m. | 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a system index node linking to a directory hierarchy, which could lead to further file system corruption and...

AI score 6.2 | EPSS 0.00044
Exploits 0 | References 8

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2014-7132

Malware in sbrugna...

CVSS 4.3 | AI score 6.2 | EPSS 0.00322
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-2146

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.2 | EPSS 0.00231
Exploits 1 | References 2

CNNVD
added 2025/10/01 12:0 a.m. | 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unvalidated rparent leading to a contention condition that could cause a state change to be applied to th...

CVSS 4.7 | AI score 8.3 | EPSS 0.0001
Exploits 0 | References 3

CNNVD
added 2025/09/16 12:0 a.m. | 1 views

Vegagrup Software Vega Master security vulnerability

Vegagrup Software Vega Master is a web-based reporting system from Vegagrup Software, Turkey. A security vulnerability exists in Vegagrup Software Vega Master versions v.1.12.35 through 20250916, which stems from a directory index that exposes sensitive system information...

CVSS 8.6 | AI score 6.7 | EPSS 0.0008
Exploits 0 | References 1

Microsoft CVE
added 2025/09/03 9:40 p.m. | 2 views

btrfs: remove BUG() after failure to insert delayed dir index item

...

CVSS 5.5 | AI score 7 | EPSS 0.00015
Exploits 0

Cvelist
added 2024/03/02 9:59 p.m. | 18 views

CVE-2023-52569 btrfs: remove BUG() after failure to insert delayed dir index item

In the Linux kernel, the following vulnerability has been resolved: btrfs: remove BUG after failure to insert delayed dir index item Instead of calling BUG when we fail to insert a delayed dir index item into the delayed node's tree, we can just release all the resources we have allocated/acquire...

AI score 7.5 | EPSS 0.00015
Exploits 0 | References 2

OSV
added 2023/08/09 3:15 p.m. | 1 views

DEBIAN-CVE-2023-4273

A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file...

CVSS 6.7 | AI score 6.2 | EPSS 0.00066
Exploits 1 | References 1