24 matches found
CVE-2026-45692
Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different...
OESA-2026-2492 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate buffer length while parsing index indxread is called when we have some NTFS directory operations that need more information from the index...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Validates buffer length during parsing of index The indxread function is called when there are certain NTFS directory operations that require more information from the index buffers. This adds a sanity check to ensur...
GHSA-X5W9-XH9R-MVFC Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization
This report is not about a normal textual prefix-expansion case. The issue here is that the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different confi...
go-git 输入验证错误漏洞
go-git is an open-source, highly scalable Git implementation written entirely in Go. Prior to version 5.17.1, go-git had a vulnerability related to input validation errors. This vulnerability stemmed from the index decoder not verifying the length of the application path name prefix, which could...
PT-2025-53209
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.0-rc6-syzkaller-g09a9639e56c0 Description The Linux kernel contains a flaw related to the handling of erofs filesystem images. Specifically, the kernel does not properly validate the clusterofs value within t...
EUVD-2025-31974
Malicious code in bioql PyPI...
SUSE CVE-2022-50442
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate buffer length while parsing index indxread is called when we have some NTFS directory operations that need more information from the index buffers. This adds a sanity check to make sure the returned index buffe...
UBUNTU-CVE-2022-50442
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate buffer length while parsing index indxread is called when we have some NTFS directory operations that need more information from the index buffers. This adds a sanity check to make sure the returned index buffe...
CVE-2022-50442 fs/ntfs3: Validate buffer length while parsing index
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate buffer length while parsing index indxread is called when we have some NTFS directory operations that need more information from the index buffers. This adds a sanity check to make sure the returned index buffe...
CVE-2022-50442
The CVE-2022-50442 entry describes a Linux kernel NTFS3 issue where indx_read did not sufficiently validate index buffer length during parsing, enabling a potential out-of-bounds memory access (observed as a slab-out-of-bounds read under KASAN). The vulnerability is tied to NTFS directory operati...
CVE-2022-50442 fs/ntfs3: Validate buffer length while parsing index
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate buffer length while parsing index indxread is called when we have some NTFS directory operations that need more information from the index buffers. This adds a sanity check to make sure the returned index buffe...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to validate buffer lengths when parsing indexes, which could lead to out-of-bounds memory accesses...
Design/Logic Flaw
crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the Paved type's SetValue method with user provided input without proper...
SUSE CVE-2022-23525
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the repopackage. The repo package contains a handler that processes the index file of a repository. For example, the Helm client adds references to chart...
git: gitattributes parsing integer overflow
A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These...
git: gitattributes parsing integer overflow
A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These...
PT-2023-34015 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.87 Description: The issue is related to the validation of buffer length while parsing an index in the fs/ntfs3 component. The actual impact and attack plausibility have not yet been proven. Recommendations...
PT-2023-33557 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 6.0.17 Description: The issue is related to the validation of buffer length while parsing an index in the fs/ntfs3 component. The actual impact and attack plausibility have not yet been proven. Recommendations:...
Security update for containerd, docker (moderate)
openSUSE Security Update: Security update for containerd, docker Announcement ID: openSUSE-SU-2022:0334-1 Rating: moderate References: 1191015 1191121 1191334 1191434 1193273 Cross-References: CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 CVE-2021-41103 CVE-2021-41190 CVSS scores: CVE-2021-41089 N...