EUVD-2025-209671

In the Linux kernel, the following vulnerability has been resolved: hfsplus: ensure sb-sfsinfo is always cleaned up When hfsplus was converted to the new mount api a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been...

CVE-2026-31410

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FSOBJECTIDINFORMATION Use sb-suuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.ffsid obtained from vfsstatfs...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to always clean up the sb-sfsinfo structure, potentially leading to memory leaks...

EUVD-2022-55356

Malicious code in bioql PyPI...

CVE-2023-53399

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL pointer dereference in smb2getinfofilesystem If share is , share-path is NULL and it cause NULL pointer dereference issue...

PT-2026-20439

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the handling of sb-s fs info within the HFS filesystem code. A memory leak could occur during the superblock allocation process when...

GHSA-M7F9-65WR-PWCH Plone vulnerable to filesystem information leak

Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. dot dot in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions...

kernel: use-after-free in fs/xfs/xfs_super.c

A flaw was found in the Linux kernel's implementation of the XFS filesystem. A key data structure sb-sfsinfo may not be de-allocated when the system is under memory pressure. This same data structure is then used at a later time during filesystem operations. This could allow a local attacker who ...

ghostscript: status command permitted with -dSAFER in psi/zfile.c allowing attackers to identify the size and existence of files

Ghostscript did not honor the -dSAFER option when executing the "status" instruction, which can be used to retrieve information such as a file's existence and size. A specially crafted postscript document could use this flow to gain information on the targeted system's filesystem content...

Microsoft Windows - 'nt!NtQueryVolumeInformationFile (FileFsVolumeInformation)' Kernel Pool Memory Disclosure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1166 We have discovered that the nt!NtQueryVolumeInformationFile system call discloses portions of uninitialized pool memory to user-mode clients, due to output structure alignment holes. On our test Windows 10 32-bit workstation...

Justice Guestbook 1.3 Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7234/info A path disclosure vulnerability has been reported for Guestbook. The issue occurs when a request is made to the cfooter.php3 PHP script page. Access to sensitive filesystem information may aid an attacker in...

ScozBook 1.1 Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7236/info A path disclosure vulnerability has been reported for ScozBook. The issue occurs when a request is made to the view.php script page. Access to sensitive filesystem information may aid an attacker in launching...

Design/Logic Flaw

Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type 1 0x2728, which provides operating system and path information; 2 0x274e, which lists Ethernet adapters; 3...

CVE-2008-0978

Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type 1 0x2728, which provides operating system and path information; 2 0x274e, which lists Ethernet adapters; 3...

Justice Guestbook 1.3 - Full Path Disclosure

source: https://www.securityfocus.com/bid/7234/info A path disclosure vulnerability has been reported for Guestbook. The issue occurs when a request is made to the cfooter.php3 PHP script page. Access to sensitive filesystem information may aid an attacker in launching further attacks against a...

Justice Guestbook 1.3 - Full Path Disclosure

Justice Guestbook 1.3 - Full Path Disclosure source: https://www.securityfocus.com/bid/7234/info A path disclosure vulnerability has been reported for Guestbook. The issue occurs when a request is made to the cfooter.php3 PHP script page. Access to sensitive filesystem information may aid an...