158 matches found
EulerOS 2.0 SP13 : golang (EulerOS-SA-2025-2521)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a...
CVE-2024-47856
In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. An adversary can place an executable in a higher-level directory of the path, and Windows will resolve tha...
CVE-2024-47856
In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. An adversary can place an executable in a higher-level directory of the path, and Windows will resolve tha...
TencentOS Server 3: php:8.0 (TSSA-2023:0257)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0257 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Nero BackItUp 安全漏洞
Nero BackItUp is a backup program from Nero. A security vulnerability exists in Nero BackItUp that stems from path resolution and UI rendering flaws that could lead to the execution of arbitrary code when a user clicks on a specially crafted entry...
Race Condition Enabling Link Following
Overview Affected versions of this package are vulnerable to Race Condition Enabling Link Following in the handling of procfs file writes. An attacker can cause arbitrary writes to sensitive files or trigger a denial of service by redirecting write operations through race conditions and...
PT-2025-45167
Name of the Vulnerable Software and Affected Versions Youki versions 0.5.6 and below Description Youki, a container runtime written in Rust, has an issue with its apparmor handling. Insufficiently strict write-target validation, combined with path substitution during pathname resolution, can allo...
EUVD-2024-2833
Malicious code in bioql PyPI...
EUVD-2024-51784
Malicious code in bioql PyPI...
CVE-2023-53260 ovl: fix null pointer dereference in ovl_permission()
In the Linux kernel, the following vulnerability has been resolved: ovl: fix null pointer dereference in ovlpermission Following process: P1 P2 pathlookupat linkpathwalk inodepermission ovlpermission ovlipathrealinode, &realpath path-dentry = ovlidentryupperinode dropcache dentrykillovldentry...
CVE-2025-54107
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...
PT-2025-36849
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: An improper resolution of path equivalence in Windows MapUrlToZone can allow an unauthorized attacker to bypass a security feature over a network. This security-feature bypass can affect th...
Hono 安全漏洞
Hono is a web framework written in TypeScript from the Hono community. A security vulnerability exists in Hono 4.9.5 and earlier versions, which stems from an error in the path resolution of the getPath function and could lead to bypassing proxy ACLs...
Linux Distros Unpatched Vulnerability : CVE-2024-21896
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The permission model protects itself against path traversal attacks by calling path.resolve on any paths given by the user. If the path is to be treated as a...
Exploit for CVE-2024-32019
CVE-2024-32019 — Netdata ndsudo Local Privilege Escalation...
BIT-LIBPHP-2023-0568 Array overrun in common path resolve code
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value,...
PT-2025-32238
Name of the Vulnerable Software and Affected Versions tmp versions 0.2.3 and below Description The tmp node.js module versions 0.2.3 and below is susceptible to an arbitrary temporary file/directory write vulnerability due to improper handling of symbolic links when resolving paths. Specifically,...
CVE-2025-38416
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: uart: Set tty-discdata only in success path Setting tty-discdata before opening the NCI device means we need to clean it up on error paths. This also opens some short window if device starts sending data, even before...
TencentOS Server 3: php:7.4 (TSSA-2024:1123)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1123 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2021-36376
dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory...