22 matches found
runc: container escape via 'masked path' abuse due to mount race conditions
A flaw was found in runc. This flaw exploits an issue with how masked paths are implemented in runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...
Security Bulletin: EndpointRequest.to() creates a matcher for null/** if the actuator endpoint is disabled or not exposed, which affects IBM watsonx.data
Summary: EndpointRequest.to creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security; EndpointRequest.to has been used i...
Linux Distros Unpatched Vulnerability : CVE-2025-22235
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - EndpointRequest.to creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your...
GHSA-RC42-6C7J-7H5R Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed
EndpointRequest.to creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security; EndpointRequest.to has been used in a Spri...
CVE-2025-22235
EndpointRequest.to creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security; EndpointRequest.to has been used in a Spri...
UBUNTU-CVE-2025-22235
EndpointRequest.to creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security; EndpointRequest.to has been used in a Spri...
CVE-2025-22235 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed
EndpointRequest.to creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security; EndpointRequest.to has been used in a Spri...
CLSA-2023-1700686706 Update of microcode_ctl
Fix silent microcode rejection in some cases - Loading to /dev/null is enabled on VM...
MGASA-2022-0439 Updated tumbler packages fix security vulnerability
gst-thumbnailer: Add mime type check gxoxfce/tumbler65 desktop-thumbnailer: Guard against null path Fix typo in gthread version gxoxfce/tumbler!14...
Updated tumbler packages fix security vulnerability
gst-thumbnailer: Add mime type check gxoxfce/tumbler65 desktop-thumbnailer: Guard against null path Fix typo in gthread version gxoxfce/tumbler!14...
PT-2022-37583 · Tumbler · Tumbler
Name of the Vulnerable Software and Affected Versions: tumbler affected versions not specified Description: The issue concerns a lack of mime type check and a null path guard in the desktop-thumbnailer, as well as a typo in the gthread version. Recommendations: At the moment, there is no...
OPENSUSE-SU-2022:10207-1 Security update for tumbler
This update for tumbler fixes the following issues: tumbler was updated to version 4.16.1 boo1205210 gst-thumbnailer: Add mime type check gxoxfce/tumbler65 desktop-thumbnailer: Guard against null path Fix typo in gthread version gxoxfce/tumbler!14...
CVE-2020-36488
An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via /null// path commands...
CVE-2020-23040
Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands...
CVE-2020-23040
Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands...
Directory traversal
Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands...
CVE-2020-23040
Sky File v2.1.0 is affected by a directory traversal vulnerability in its FTP server that allows an attacker to access sensitive data via 'null' path commands. The issue arises from improper handling of directory traversal, enabling access to files outside the intended directory. Affected compone...
CVE-2020-23040
Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands...
Marlink Sky File path traversal vulnerability
Marlink Sky File is a product of Marlink, Inc. that is used to quickly transfer files to mobile devices. A path traversal vulnerability exists in Marlink Sky File. An attacker can access sensitive data and files via the null path command...
CVE-2016-1524
Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for ...