14 matches found
GHSA-XWCR-WM99-G9JC Algernon: handler.lua discovery walks parent directories above the server root
Summary When Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named handler.lua to execute as the request handler. The loop terminates only after 100 ancest...
CVE-2026-41933
CVE-2026-41933 details : Vvveb (before 1.0.8.3) has a directory listing information disclosure vulnerability enabling unauthenticated attackers to enumerate files and directories by hitting multiple paths without proper index directives in .htaccess. Exposed directories include admin asset paths,...
CVE-2026-41933 Vvveb < 1.0.8.3 Directory Listing Information Disclosure
Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such as admin asset path...
CVE-2026-41933 Vvveb < 1.0.8.3 Directory Listing Information Disclosure
Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such as admin asset path...
EUVD-2026-26589
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fix missing SPDIFI1 index handling SPDIF1 DAIO type isn't properly handled in daiodeviceindex for hw20k2, and it returned -EINVAL, which ended up with the out-of-bounds array access. Follow the hw20k1 pattern and...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from missing index handling of the SPDIF1 DAIO type in the ALSA ctxfi driver, which could lead to out-of-bounds...
JLSEC-2025-109 FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because...
FFmpeg through 4.3 has a heap-based buffer overflow in aviogetstr in libavformat/aviobuf.c because dnnbackendnative.c calls ffdnnloadmodelnative and a certain index check is omitted...
Linux Distros Unpatched Vulnerability : CVE-2020-14212
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FFmpeg through 4.3 has a heap-based buffer overflow in aviogetstr in libavformat/aviobuf.c because dnnbackendnative.c calls ffdnnloadmodelnative and a certain...
SUSE CVE-2024-42117
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: ASSERT when failing to find index by plane/stream id WHY finddispcfgidxbyplaneid and finddispcfgidxbystreamid returns an array index and they return -1 when not found; however, -1 is not a valid index number. HOW...
SUSE CVE-2024-26147
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...
AZL-34584 CVE-2024-26147 affecting package cert-manager for versions less than 1.12.13-1
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...
UBUNTU-CVE-2024-26147
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...
CVE-2022-30625
Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences...
UBUNTU-CVE-2020-14212
FFmpeg through 4.3 has a heap-based buffer overflow in aviogetstr in libavformat/aviobuf.c because dnnbackendnative.c calls ffdnnloadmodelnative and a certain index check is omitted...