GHSA-5QWM-7PVP-W988 OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle

Summary The BST name-lookup loop in DirectoryTree.TryGetDirectoryEntry OpenMcdf/DirectoryTree.cs:35-46 walks directory entries by repeatedly calling directories.TryGetSiblingchild, siblingType, validateColor. A crafted CFB file with cyclic Left/Right sibling links among directory entries -...

OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle

Summary The BST name-lookup loop in DirectoryTree.TryGetDirectoryEntry OpenMcdf/DirectoryTree.cs:35-46 walks directory entries by repeatedly calling directories.TryGetSiblingchild, siblingType, validateColor. A crafted CFB file with cyclic Left/Right sibling links among directory entries -...

GHSA-JXPF-XQ2M-Q525 OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle

Summary OpenMcdf does not detect cycles in the directory entry red-black tree of a Compound File Binary CFB document. A crafted CFB file with a cycle in the LeftSiblingID / RightSiblingID chain causes Storage.EnumerateEntries and Storage.OpenStream to loop indefinitely, consuming the calling thre...

CVE-2026-0604

The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.7 via the 'dirpath' parameter in the 'njt-fastdup/v1/template/directory-tree' REST API endpoint. This makes it possible for authenticated attackers,...

CVE-2026-0604

CVE-2026-0604 affects the WordPress plugin FastDup – Fastest WordPress Migration & Duplicator via a Path Traversal flaw in the REST endpoint njt-fastdup/v1/template/directory-tree. An authenticated attacker with at least Contributor+ privileges can read contents of arbitrary server directories th...

EUVD-2011-3589

Malware in sbrugna...

EUVD-2019-0260

Malware in sbrugna...

EUVD-2002-1907

Malware in sbrugna...

CVE-2002-1928

602Pro LAN SUITE 2002 allows remote attackers to view the directory tree via an HTTP GET request with a trailing "" tilde or ".bak" extension...

Linux Distros Unpatched Vulnerability : CVE-2010-2242

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended...

SUSE-SU-2024:2603-1 Security update for shadow

This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees bsc916845...

EulerOS 2.0 SP11 : lxc (EulerOS-SA-2023-1785)

According to the versions of the lxc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected...

EulerOS 2.0 SP8 : lxc (EulerOS-SA-2023-1600)

According to the versions of the lxc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected...

EulerOS 2.0 SP10 : lxc (EulerOS-SA-2023-1557)

According to the versions of the lxc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected...

EulerOS 2.0 SP9 : lxc (EulerOS-SA-2023-1451)

According to the versions of the lxc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected...

K94041354: OpenSSL vulnerability CVE-2019-1552

Security Advisory Description OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configurati...

SUSE CVE-2011-3630

Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink...

CVE-2022-47952

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates...

Path traversal

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates...

CVE-2022-47952

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates...