19 matches found
Security Bulletin: AIX/VIOS is vulnerable to a race condition in directory handling due to Perl (CVE-2025-40909)
Summary Vulnerability in Perl could allow a local attacker to load code or access files from unexpected locations CVE-2025-40909. AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2025-40909 DESCRIPTION: Perl threads have a working directory race condition wher...
AIX/VIOS is vulnerable to a race condition in directory handling due to Perl (CVE-2025-40909)
IBM SECURITY ADVISORY First Issued: Tue Sep 16 08:25:08 CDT 2025 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/perladvisory11.asc Security Bulletin: AIX is vulnerable to a race condition in directory handling due to Perl CVE-2025-4090...
perl: Perl threads have a working directory race condition where file operations may target unintended paths
A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations...
perl: Perl threads have a working directory race condition where file operations may target unintended paths
A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations...
perl: Perl threads have a working directory race condition where file operations may target unintended paths
A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations...
perl: Perl threads have a working directory race condition where file operations may target unintended paths
A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations...
Advisory ROSA-SA-2024-2537
Software: openjpeg2 2.4.0 OS: ROSA-CHROME packageevrstring: openjpeg2-2.4.0-3 CVE-ID: CVE-2022-1122 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The opj2decompress program in openjpeg2 has discovered a flaw in the way it handles an input directory with a large number of files. When the program fails ...
USN-6569-1: libclamunrar vulnerabilities
it was discovered that libclamunrar incorrectly handled directories when extracting RAR archives. A remote attacker could possibly use this issue to overwrite arbitrary files and execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. CVE-2022-30333 ...
RHEL 9 : insights-client (RHSA-2023:6282)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6282 advisory. Red Hat Insights is a service that provides analysis of registered Red Hat-based systems. The insights- client package can gather the required data...
SUSE-SU-2021:3561-1 Security update for SUSE Manager Server 4.2
This update fixes the following issues: cobbler: - Fixed modifysetting test to complete successfully hub-xmlrpc-api: - Use rpm systemd macro to restart service in replace of systemctl patterns-suse-manager: - Virtualization-host-formula was renamed to virtualization-formulas py26-compat-salt: -...
CVE-2020-16908
An elevation of privilege vulnerability exists in Windows Setup in the way it handles directories. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or...
SUSE-SU-2020:2741-1 Security update for libqt5-qtbase
This update for libqt5-qtbase fixes the following issues: - CVE-2020-17507: Fixed a buffer overflow in XBM parser bsc1176315 - Made handling of XDGRUNTIMEDIR more secure bsc1172515...
[SECURITY] Fedora 25 Update: perl-File-Path-2.12-366.fc25
This module provides a convenient way to create directories of arbitrary depth and to delete an entire directory subtree from the file system...
JVN#64451600: Tablacus Explorer vulnerable to script injection
Tablacus Explorer is a tabbled file manager. Tablacus Explorer contains a script injection vulnerability due to improper handling of directory names. Impact When a user accesses a crafted directory, an arbitrary script may be executed on Tablacus Explorer. As a result, an arbitrary OS command may...
CVE-2016-7118
fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 kernel 3.2.81-1 in Debian wheezy mishandles FSETFL fcntl calls on directories, which allows local users to cause a denial of service NULL pointer dereference and system crash via standard filesystem operations, a...
Rsync Multiple Denial of Service Vulnerabilities (Windows)
This host is installed with Rsync and is prone to multiple denial of service vulnerabilities. OpenVAS Vulnerability Test $Id: gbrsyncmultdosvuln.nasl 7019 2017-08-29 11:51:27Z teissa $ Rsync Multiple Denial of Service Vulnerabilities Windows Authors: Madhuri D Copyright: Copyright c 2011 Greenbon...
Trend Micro OfficeScan 8.0 Client - Denial of Service
Trend Micro OfficeScan 8.0 Client - Denial of Service source: https://www.securityfocus.com/bid/34642/info The Trend Micro OfficeScan Client is prone to a denial-of-service vulnerability because it fails to handle nested directories with excessively long names. Successfully exploits will crash th...
NOD32 Antivirus Directory Name Handling Multiple Operation Overflows
The version of NOD32 installed on the remote host reportedly contains two stack overflow vulnerabilities that can be triggered when the application tries to delete, disinfect, or rename an infected file in a specially-formatted directory. A remote attacker may be able to leverage these issues to...
NOD32 < 2.70.37 Directory Name Handling Multiple Overflows
Binary data 4001.prm...