Lucene search
K

24 matches found

AlpineLinux
AlpineLinux
added 2026/06/23 5:55 p.m.6 views

CVE-2026-45692

Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different...

5.4CVSS5.9AI score0.00144EPSS
Exploits1
OSV
OSV
added 2026/05/29 1:34 p.m.22 views

OESA-2026-2492 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate buffer length while parsing index indxread is called when we have some NTFS directory operations that need more information from the index...

9.8CVSS5.9AI score0.00554EPSS
Exploits0References16
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Validates buffer length during parsing of index The indxread function is called when there are certain NTFS directory operations that require more information from the index buffers. This adds a sanity check to ensur...

7.1CVSS6.8AI score0.00149EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 3:51 p.m.5 views

GHSA-X5W9-XH9R-MVFC Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization

This report is not about a normal textual prefix-expansion case. The issue here is that the authorization layer and the /config traversal layer do not agree on what object the path refers to. In this case, a path authorized for one config object is accepted, but then resolves to a different confi...

5.4CVSS5.7AI score0.00144EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.8 views

go-git 输入验证错误漏洞

go-git is an open-source, highly scalable Git implementation written entirely in Go. Prior to version 5.17.1, go-git had a vulnerability related to input validation errors. This vulnerability stemmed from the index decoder not verifying the length of the application path name prefix, which could...

2.8CVSS5.8AI score0.00153EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.10 views

PT-2025-53209

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.0-rc6-syzkaller-g09a9639e56c0 Description The Linux kernel contains a flaw related to the handling of erofs filesystem images. Specifically, the kernel does not properly validate the clusterofs value within t...

7.8CVSS7.2AI score0.00462EPSS
Exploits2References844
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-31974

Malicious code in bioql PyPI...

6.4AI score0.00149EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/10/01 11:32 p.m.2 views

SUSE CVE-2022-50442

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate buffer length while parsing index indxread is called when we have some NTFS directory operations that need more information from the index buffers. This adds a sanity check to make sure the returned index buffe...

7.1CVSS6.5AI score0.00149EPSS
Exploits0References3
OSV
OSV
added 2025/10/01 12:15 p.m.4 views

UBUNTU-CVE-2022-50442

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate buffer length while parsing index indxread is called when we have some NTFS directory operations that need more information from the index buffers. This adds a sanity check to make sure the returned index buffe...

7.1CVSS5.9AI score0.00149EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/10/01 11:42 a.m.9 views

CVE-2022-50442 fs/ntfs3: Validate buffer length while parsing index

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate buffer length while parsing index indxread is called when we have some NTFS directory operations that need more information from the index buffers. This adds a sanity check to make sure the returned index buffe...

0.00149EPSS
Exploits0References4
CVE
CVE
added 2025/10/01 11:42 a.m.20 views

CVE-2022-50442

The CVE-2022-50442 entry describes a Linux kernel NTFS3 issue where indx_read did not sufficiently validate index buffer length during parsing, enabling a potential out-of-bounds memory access (observed as a slab-out-of-bounds read under KASAN). The vulnerability is tied to NTFS directory operati...

7.1CVSS6.1AI score0.00149EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/10/01 11:42 a.m.9 views

CVE-2022-50442 fs/ntfs3: Validate buffer length while parsing index

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate buffer length while parsing index indxread is called when we have some NTFS directory operations that need more information from the index buffers. This adds a sanity check to make sure the returned index buffe...

7.1CVSS6.5AI score0.00149EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/10/01 12:0 a.m.6 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to validate buffer lengths when parsing indexes, which could lead to out-of-bounds memory accesses...

6.3AI score0.00149EPSS
Exploits0References5
Prion
Prion
added 2023/03/09 9:15 p.m.17 views

Design/Logic Flaw

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the Paved type's SetValue method with user provided input without proper...

5CVSS7.5AI score0.00798EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.1 views

SUSE CVE-2022-23525

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the repopackage. The repo package contains a handler that processes the index file of a repository. For example, the Helm client adds references to chart...

3.7CVSS6AI score0.00818EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/02/07 3:52 p.m.13 views

git: gitattributes parsing integer overflow

A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These...

9.8CVSS7.7AI score0.56334EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2023/02/06 7:40 p.m.3 views

git: gitattributes parsing integer overflow

A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These...

9.8CVSS7.7AI score0.56334EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.4 views

PT-2023-34015 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.87 Description: The issue is related to the validation of buffer length while parsing an index in the fs/ntfs3 component. The actual impact and attack plausibility have not yet been proven. Recommendations...

7.4AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.4 views

PT-2023-33557 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 6.0.17 Description: The issue is related to the validation of buffer length while parsing an index in the fs/ntfs3 component. The actual impact and attack plausibility have not yet been proven. Recommendations:...

7.4AI score
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2022/02/04 12:0 a.m.63 views

Security update for containerd, docker (moderate)

openSUSE Security Update: Security update for containerd, docker Announcement ID: openSUSE-SU-2022:0334-1 Rating: moderate References: 1191015 1191121 1191334 1191434 1193273 Cross-References: CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 CVE-2021-41103 CVE-2021-41190 CVSS scores: CVE-2021-41089 N...

6.3CVSS7.1AI score0.02693EPSS
Exploits3References5
Rows per page
Query Builder