EUVD-2025-209671

In the Linux kernel, the following vulnerability has been resolved: hfsplus: ensure sb-sfsinfo is always cleaned up When hfsplus was converted to the new mount api a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been...

CVE-2026-31410

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FSOBJECTIDINFORMATION Use sb-suuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.ffsid obtained from vfsstatfs...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to always clean up the sb-sfsinfo structure, potentially leading to memory leaks...

EUVD-2022-55356

Malicious code in bioql PyPI...

CVE-2023-53399

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL pointer dereference in smb2getinfofilesystem If share is , share-path is NULL and it cause NULL pointer dereference issue...

PT-2026-20439

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the handling of sb-s fs info within the HFS filesystem code. A memory leak could occur during the superblock allocation process when...

GHSA-M7F9-65WR-PWCH Plone vulnerable to filesystem information leak

Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. dot dot in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions...

kernel: use-after-free in fs/xfs/xfs_super.c

A flaw was found in the Linux kernel's implementation of the XFS filesystem. A key data structure sb-sfsinfo may not be de-allocated when the system is under memory pressure. This same data structure is then used at a later time during filesystem operations. This could allow a local attacker who ...

ghostscript: status command permitted with -dSAFER in psi/zfile.c allowing attackers to identify the size and existence of files

Ghostscript did not honor the -dSAFER option when executing the "status" instruction, which can be used to retrieve information such as a file's existence and size. A specially crafted postscript document could use this flow to gain information on the targeted system's filesystem content...

Microsoft Windows - 'nt!NtQueryVolumeInformationFile (FileFsVolumeInformation)' Kernel Pool Memory Disclosure

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1166 We have discovered that the nt!NtQueryVolumeInformationFile system call discloses portions of uninitialized pool memory to user-mode clients, due to output structure alignment holes. On our test Windows 10 32-bit workstation...

ScozBook 1.1 Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7236/info A path disclosure vulnerability has been reported for ScozBook. The issue occurs when a request is made to the view.php script page. Access to sensitive filesystem information may aid an attacker in launching...

Justice Guestbook 1.3 Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7234/info A path disclosure vulnerability has been reported for Guestbook. The issue occurs when a request is made to the cfooter.php3 PHP script page. Access to sensitive filesystem information may aid an attacker in...

Design/Logic Flaw

Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type 1 0x2728, which provides operating system and path information; 2 0x274e, which lists Ethernet adapters; 3...

CVE-2008-0978

Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type 1 0x2728, which provides operating system and path information; 2 0x274e, which lists Ethernet adapters; 3...

Justice Guestbook 1.3 - Full Path Disclosure

Justice Guestbook 1.3 - Full Path Disclosure source: https://www.securityfocus.com/bid/7234/info A path disclosure vulnerability has been reported for Guestbook. The issue occurs when a request is made to the cfooter.php3 PHP script page. Access to sensitive filesystem information may aid an...

Justice Guestbook 1.3 - Full Path Disclosure

source: https://www.securityfocus.com/bid/7234/info A path disclosure vulnerability has been reported for Guestbook. The issue occurs when a request is made to the cfooter.php3 PHP script page. Access to sensitive filesystem information may aid an attacker in launching further attacks against a...