Lucene search

75 matches found

Positive Technologies
added 2025/09/18 12:0 a.m., 2 views

PT-2025-38340

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A reference count leak was identified in the mt8183_mt6358_ts3a227_max98357_dev_probe function within the ASoC (ALSA on System-on-Chip) subsystem for MediaTek mt8183 platforms. The issue...

AI score: 6.2, EPSS: 0.00022
Exploits: 0, References: 10
OSV
added 2025/09/17 3:15 p.m., 3 views

AZL-71903 CVE-2023-53348 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock when aborting transaction during relocation with scrub Before relocating a block group we pause scrub, then do the relocation and then unpause scrub. The relocation process requires starting and committing a...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00013
Exploits: 0, References: 1
Cvelist
added 2025/07/25 2:0 p.m., 9 views

CVE-2025-38416 NFC: nci: uart: Set tty->disc_data only in success path

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: uart: Set tty->disc_data only in success path Setting tty->disc_data before opening the NCI device means we need to clean it up on error paths. This also opens some short window if device starts sending data, even before...

EPSS: 0.00097
Exploits: 0, References: 8
BDU FSTEC
added 2025/07/18 12:0 a.m., 2 views

Vulnerability of the iblock module in the 1C-Bitrix website management system: Website management that allows attackers to gain unauthorized access to protected information

Vulnerability of the iblock module in the Content Management System (CMS) of 1C-Bitrix: Website management is associated with errors in processing the relative path to the directory. Exploiting this vulnerability can allow unauthorized users to gain unauthorized access to protected information...

CVSS: 6.8, AI score: 5.5
Exploits: 0, References: 1, Affected Software: 1
BDU FSTEC
added 2025/07/18 12:0 a.m., 1 views

Vulnerability of the iblock module in the 1C-Bitrix website management system: Website management that allows attackers to gain unauthorized access to protected information

Vulnerability of the iblock module in the Content Management System (CMS) of 1C-Bitrix: Website management is associated with errors in processing the relative path to the directory. Exploiting this vulnerability can allow unauthorized users to gain unauthorized access to protected information...

CVSS: 6.8, AI score: 5.5
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2025/07/03 9:15 a.m., 4 views

CVE-2025-38165

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix panic when calling skb_linearize The panic can be reproduced by executing the command: ./bench sockmap -c 2 -p 1 -a --rx-verdict-ingress --rx-strp 100000 Then a kernel panic was captured: ''' 657.460555 kernel BU...

CVSS: 5.5, EPSS: 0.00121
Exploits: 0, References: 7
SUSE CVE
added 2025/06/19 3:44 a.m., 2 views

SUSE CVE-2022-49996

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix possible memory leak in btrfs_get_dev_args_from_path() In btrfs_get_dev_args_from_path(), btrfs_get_bdev_and_sb() can fail if the path is invalid. In this case, btrfs_get_dev_args_from_path() returns directly without freeing args->uuid and...

CVSS: 5.5, AI score: 6.5, EPSS: 0.00103
Exploits: 0, References: 3
OSV
added 2025/06/18 11:0 a.m., 3 views

CVE-2022-49996 btrfs: fix possible memory leak in btrfs_get_dev_args_from_path()

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix possible memory leak in btrfs_get_dev_args_from_path() In btrfs_get_dev_args_from_path(), btrfs_get_bdev_and_sb() can fail if the path is invalid. In this case, btrfs_get_dev_args_from_path() returns directly without freeing args->uuid and...

CVSS: 5.5, AI score: 6.2, EPSS: 0.00103
Exploits: 0, References: 6
RedhatCVE
added 2025/05/22 3:9 p.m., 7 views

CVE-2020-13227

An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username under which the web server is running by triggering an invalid path permission error. This bypasses the fakepath protection mechanism...

CVSS: 5.3, AI score: 6.9, EPSS: 0.00526
Exploits: 1
RedhatCVE
added 2025/05/22 6:1 a.m., 9 views

CVE-2012-4255

MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refreshdblist.php, which reveals the installation path in an error message...

CVSS: 4.3, AI score: 6.4, EPSS: 0.00283
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 12:26 a.m., 5 views

CVE-2011-3805

TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/language/zh/registerinfo.php and certain other files...

CVSS: 5, AI score: 6.5, EPSS: 0.00283
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 12:26 a.m., 5 views

CVE-2011-3782

phpLD 2-151.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libs/smarty/SmartyCompiler.class.php and certain other files...

CVSS: 5, AI score: 6.5, EPSS: 0.00283
Exploits: 0, References: 1
RedhatCVE
added 2025/05/21 9:19 p.m., 4 views

CVE-2003-1269

AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message...

CVSS: 5, AI score: 7, EPSS: 0.00346
Exploits: 0, References: 1
BDU FSTEC
added 2025/05/16 12:0 a.m., 1 views

The vulnerability of the ThinServer.exe executable file of the ThinServer component of the Rockwell Automation ThinManager centralized application management platform allows an attacker to load arbitrary files.

The vulnerability of the ThinServer.exe executable file of the ThinServer component of Rockwell Automation’s ThinManager application platform is related to errors in processing the relative path to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to...

CVSS: 7.8, AI score: 7.2, EPSS: 0.48201
Exploits: 1, References: 3, Affected Software: 1
SUSE CVE
added 2025/02/01 3:47 a.m., 1 views

SUSE CVE-2025-21679

In the Linux kernel, the following vulnerability has been resolved: btrfs: add the missing error handling inside get_canonical_dev_path Inside function get_canonical_dev_path, we call d_path to get the final device path. But d_path can return error, and in that case the next strscpy call will trigger an...

CVSS: 5.5, AI score: 6.5, EPSS: 0.00073
Exploits: 0, References: 3
OSV
added 2024/11/21 6:17 p.m., 11 views

CVE-2024-53093 nvme-multipath: defer partition scanning

In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: defer partition scanning We need to suppress the partition scan from occurring within the controller's scan_work context. If a path error occurs here, the IO will wait until a path becomes available or all paths are...

CVSS: 5.5, AI score: 6, EPSS: 0.00014
Exploits: 0, References: 8
BDU FSTEC
added 2024/09/18 12:0 a.m., 2 views

The vulnerability of the Remote Desktop Licensing Service for Windows operating systems allows a perpetrator to disclose protected information.

The vulnerability of the Remote Desktop Licensing Service for Windows operating systems is related to errors in processing the relative path to the directory. Exploiting this vulnerability can allow a malicious actor to disclose protected information from a remote location...

CVSS: 6.8, AI score: 5.5, EPSS: 0.00913
Exploits: 0, References: 3
OSV
added 2024/08/21 12:6 a.m., 4 views

CVE-2024-43878 xfrm: Fix input error path memory access

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix input error path memory access When there is a misconfiguration of input state slow path KASAN report error. Fix this error. west login: 52.987278 eth1: renamed from veth11 53.078814 eth1: renamed from veth21 53.181355...

CVSS: 7.1, AI score: 6.3, EPSS: 0.00078
Exploits: 0, References: 5
BDU FSTEC
added 2024/07/10 12:0 a.m., 1 views

The vulnerability of Ollama’s system for running and managing large language models lies in errors in processing the relative path to the directory. This allows a malicious actor to gain access to arbitrary files within the vulnerable system.

The vulnerability of Ollama’s system for running and managing large language models is related to errors in processing the relative path to the directory. Exploiting this vulnerability can allow a malicious actor to gain access to arbitrary files within the vulnerable system...

CVSS: 6.4, AI score: 7.4, EPSS: 0.93667
Exploits: 4, References: 7, Affected Software: 1
BDU FSTEC
added 2024/07/04 12:0 a.m., 1 views

The vulnerability of the firmware of the ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME biometric terminals lies in errors in processing the relative path to the directory. This allows intruders to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the firmware of the ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME biometric terminals is related to errors in processing the relative path to the directory. Exploiting this vulnerability can allow an attacker, operating remotely, to circumvent security...

CVSS: 7.8, AI score: 5.8, EPSS: 0.00483
Exploits: 0, References: 6