Denial Of Service (DoS)

github.com/google/osv-scalibr is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of empty directory responses in the filesystem traversal fallback path, which allows an attacker to trigger an out-of-bounds access index out of range leading to a panic and...

Kata Containers Code Issues and Vulnerabilities

Kata Containers is an open-source, lightweight virtual infrastructure building tool developed by the Kata Containers community. Versions of Kata Containers prior to 3.26.0 contained code vulnerabilities. These vulnerabilities stemmed from the backtracking of empty directories when handling...

Security update for runc

This update for runc fixes the following issues: CVE-2024-45310: Fixed unintentional creation of empty files/directories on host bsc1230092 Other fixes: Update to runc v1.2.6. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

runc can be confused to create empty files/directories on the host

...

SUSE CVE-2024-45310

runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...

AZL-48543 CVE-2024-45310 affecting package runc for versions less than 1.2.2-1

runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...

[SECURITY] Fedora 39 Update: rust-uu_rmdir-0.0.23-3.fc39

rmdir uutils remove empty DIRECTORY...

SUSE CVE-2023-52596

In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix out of bounds access for empty sysctl registers When registering tables to the sysctl subsystem there is a check to see if header is a permanently empty directory used for mounts. This check evaluates the first elemen...

CVE-2023-52596

An out of bounds access flaw was found in empty sysctl registers in the Linux kernel. This may lead to a crash...

UBUNTU-CVE-2023-52596

In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix out of bounds access for empty sysctl registers When registering tables to the sysctl subsystem there is a check to see if header is a permanently empty directory used for mounts. This check evaluates the first elemen...

php: ZipArchive:: extractTo allows for directory traversal when creating directories

Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/phpzip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/extzip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive...

OpenDoor - OWASP Directory Access Scanner

This application scans the site directories and find all possible ways to login, empty directories and entry points. Scans conducted in the dictionary that is included in this application. This software is written for informational purposes and is an open source product under the GPL license...

OWASP Directory Access scanner

OWASP Directory Access scanner This application scans the site directories and find all possible ways to login, empty directories and entry points. Scans conducted in the dictionary that is included in this application. This software is written for informational purposes and is an open source...

CVE-2014-9767

Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/phpzip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/extzip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive...

CVE-2014-9767

Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/phpzip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/extzip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive...

CVE-2006-1235

Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories possibly only empty directories via the $deleteuser variable. NOTE: the initial disclosure for this issue indicated that the researcher was unable to prove this issue;...