50 matches found
ROS-20260608-73-0014
The vulnerability of the .NET Core software platform is related to an incorrect limitation on the path name to the directory. Exploiting this vulnerability allows a remote attacker to write arbitrary files...
CVE-2026-45409
Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...
EUVD-2025-6960
Malicious code in bioql PyPI...
The vulnerability of Nokia’s Single Radio Access Network management platform lies in the improper limitation of the path name to the restricted access catalog. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Nokia Single RAN network management platform lies in the improper limitation of the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected...
The vulnerability of the FUN_0040fffc function in the microprogramming software for ZyXEL AMG1302-T10B allows a hacker to write arbitrary files.
The vulnerability of the FUN0040fffc function in the microprogramming software for ZyXEL AMG1302-T10B is related to an incorrect limitation on the path name when processing the SESSIONID parameter. Exploiting this vulnerability allows a remote attacker to write arbitrary files by sending speciall...
kernel: afs: Fix the maximum cell name length
In the Linux kernel, the following vulnerability has been resolved: afs: Fix the maximum cell name length The kafs filesystem limits the maximum length of a cell to 256 bytes, but a problem occurs if someone actually does that: kafs tries to create a directory under /proc/net/afs/ with the name o...
OESA-2025-1364 erlang security update
Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Erlang/OTP is a set of libraries for the Erlang...
BIT-MLFLOW-2024-6838 Uncontrolled Resource Consumption in mlflow/mlflow
In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...
The vulnerability of the gp_open_scratch_file_impl() function in the files base/gp_mswin.c and base/winrtsup.cpp of the Ghostscript processing, conversion, and generation software suite allows a malicious actor to read arbitrary files.
The vulnerability of the gpopenscratchfileimpl function in the base/gpmswin.c and base/winrtsup.cpp files of the Ghostscript processing, conversion, and generation software suite is related to an incorrect path name limitation. Exploiting this vulnerability could allow a remote attacker to read...
SUSE CVE-2025-30211
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names 64 characters provided in K...
CVE-2025-30211
CVE-2025-30211 affects Erlang/OTP: prior to OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a malicious KEX init message can trigger high memory usage because the implementation does not verify RFC limits on 64-character algorithm names in KEX init messages, leading to memory allocation for processing mali...
CVE-2024-6838
In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...
CVE-2024-6838 Uncontrolled Resource Consumption in mlflow/mlflow
In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...
The vulnerability of Siemens Scalance LPE9403 industrial switches’ microprogramming software lies in the incorrect limitation of the path name in the restricted access catalog, allowing attackers to read and write arbitrary files.
The vulnerability of Siemens Scalance LPE9403 industrial switches’ microprogramming software is related to an incorrect limitation on the name of the path to the restricted-access catalog. Exploiting this vulnerability allows a malicious actor to read and write arbitrary files remotely...
The vulnerability of the DevTools set of tools for web development in Google Chrome allows a hacker to bypass security restrictions.
The vulnerability of the DevTools set of tools for web development in the Google Chrome browser is related to an incorrect path name limitation for the restricted access directory. Exploiting this vulnerability could allow a malicious actor to bypass security restrictions remotely...
OESA-2024-2561 iptraf-ng security update
IPTraf is a console-based network monitoring program for Linux that displays information about IP traffic. It returns such information as: Security Fixes: VUL-0: CVE-2024-52949: iptraf-ng: limit interface name lengths to IFNAMSIZCVE-2024-52949...
OESA-2024-2500 iptraf-ng security update
IPTraf is a console-based network monitoring program for Linux that displays information about IP traffic. It returns such information as: Security Fixes: VUL-0: CVE-2024-52949: iptraf-ng: limit interface name lengths to IFNAMSIZCVE-2024-52949...
The vulnerability of the Rockwell Automation Pavilion8 platform’s simulation, control, and optimization functions arises from an improper limitation on the path name to the restricted access catalog. This allows a malicious actor to execute arbitrary code.
The vulnerability of the Rockwell Automation Pavilion8 platform for simulation, control, and optimization is related to an incorrect limitation on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...
The vulnerability of the threat detection mechanism for Microsoft Defender for IoT involves an incorrect path name limitation, allowing attackers to execute arbitrary code.
The vulnerability of the Microsoft Defender for IoT’s threat detection mechanism is related to an incorrect path name limitation when loading tar-format files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the pgAdmin 4 database management tool arises from an incorrect path name limitation for the restricted access directory, allowing a hacker to execute arbitrary code.
The vulnerability of the pgAdmin 4 database management tool exists due to an incorrect limitation on the path name for the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...