64 matches found
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed the BUGON issue when the directory entry has an invalid reclen field. The reclen field in the directory entry must be a multiple of 4. A corrupted filesystem image can cause a BUG in ext4reclentodisk, which is called...
CVE-2026-41366 OpenClaw < 2026.3.31 - Arbitrary Host File Read via appendLocalMediaParentRoots Self-Whitelisting
OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory validation to exfiltrate credentials and access sensitive files...
CVE-2026-3864
CVE-2026-3864 affects the Kubernetes CSI Driver for NFS (csi-driver-nfs). The vulnerability arises from insufficient validation of the subDir parameter in volume identifiers, enabling path traversal (../) when creating PersistentVolumes and during volume deletion/cleanup. An attacker with PV crea...
EUVD-2026-11778
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an unspecified vulnerability that stems from insufficient validation of the targetDir value during download skill installation, which can be exploited by an attacker to cause files to be written outsid...
Improper Directory Validation
@anthropic-ai/claude-code is vulnerable to improper directory validation. The vulnerability is due to insufficient validation of directory changes when using the cd command with write operations, which allows an attacker to navigate into protected folders e.g., .claude and create or modify files...
EUVD-2026-4947
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or deb archive. The...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000281)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000281 advisory. An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in xfrmpolicyunlink, which will cause denial of service, because...
SUSE-SU-2025:4257-2 Security update for python311
This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars bsc1252974 - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory EOCD not checked by the 'zipfile' module bsc1251305...
EUVD-2025-25803
Malicious code in bioql PyPI...
EUVD-2022-1194
Malicious code in bioql PyPI...
SUSE CVE-2025-38710
In the Linux kernel, the following vulnerability has been resolved: gfs2: Validate idepth for exhash directories A fuzzer test introduced corruption that ends up with a depth of 0 in direread, causing an undefined shift by 32 at: index = hash 32 - dip-idepth; As calculated in an open-coded way in...
CVE-2025-44002
Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during...
CVE-2025-44002
Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during...
CVE-2025-44002
CVE-2025-44002 affects TeamViewer Full Client and TeamViewer Host before version 15.69 on Windows. The root cause is a race condition in the directory validation logic, allowing a local non-admin user to exploit symbolic-link manipulation to create arbitrary files with SYSTEM privileges, potentia...
CVE-2025-44002 Arbitrary File Creation via Symbolic Link leading to Denial-of-Service
Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during...
CVE-2025-44002 Arbitrary File Creation via Symbolic Link leading to Denial-of-Service
Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during...
TeamViewer Full Client和TeamViewer Host 安全漏洞
TeamViewer Full Client and TeamViewer Host are both a remote control software from the German company TeamViewer. A security vulnerability exists in TeamViewer Full Client and TeamViewer Host versions prior to 15.69, which stems from a contention condition in the directory validation logic that...
PT-2025-34754 · Teamviewer · Teamviewer
Name of the Vulnerable Software and Affected Versions: TeamViewer versions prior to 15.69 Description: A race condition exists in the directory validation logic within the TeamViewer Full Client and Host on Windows. This allows a local, non-administrator user to create arbitrary files with SYSTEM...
CVE-2023-28865
Diebold Nixdorf Vynamic Security Suite VSS before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories e.g., ensuring the expected hash sum during the Pre-Boot Authorization PBA process. This can be exploited by a physical attacker who...