15 matches found
USN-8367-1: tar-fs vulnerabilities
It was discovered that tar-fs did not properly limit paths when extracting crafted tar files. An attacker could possibly use this issue to write or overwrite files outside the intended extraction directory. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-12905 It was...
CVE-2026-43888
Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndExt, a filename helper that calls path.basename on its input when truncating. When a zip entry's...
GHSA-775H-3XRC-C228 Parse Server has a rate limit bypass via batch request endpoint
Impact Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint /batch processes sub-requests internally by routing them directly through the Promise router, bypassing Express middleware including rate limiting. An attacker can bundle...
CVE-2026-21878 BACnet Stack Improperly Limits Pathnames to a Restricted Directory
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allowing attackers to write files to arbitrary...
MiracleLinux 4 : quagga-0.99.15-5.AXS4.2 (AXSA:2011-136:01)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2011-136:01 advisory. Quagga is free software that manages TCP/IP-based routing protocols. It takes multi-server and multi-thread approach to resolve the current...
EUVD-2025-25367
Malicious code in bioql PyPI...
ROS-20250825-05
A vulnerability in the Ruby Sinatra web application development framework is related to a flaw in limiting the name of the directory path. Exploitation of the vulnerability allows an attacker acting remotely to gain access to sensitive data...
CVE-2025-38652 f2fs: fix to avoid out-of-boundary access in devs.path
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path - touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - truncate -s $((1024*1024*1024)) \ /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - touc...
SUSE CVE-2025-1915
Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. Chromium security severity: Mediu...
SUSE CVE-2010-1675
bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service session reset via a malformed ASPATHLIMIT path attribute...
Description of the security update for SharePoint Server 2019: May 11, 2021 (KB5001916)
Description of the security update for SharePoint Server 2019: May 11, 2021 KB5001916 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and a Microsoft SharePoint spoofing vulnerability and information disclosure vulnerability. To learn more...
CVE-2020-29482
CVE-2020-29482 affects Xen up to 4.14.x via oxenstored. A guest can create xenstore paths in its own namespace that exceed the pathname limit, because management tools must use absolute paths and oxenstored enforces a limit on the client-specified path. This can cause some management tools and de...
Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3989/info There exists a condition in Microsoft Windows operating systems using NTFS that may allow for files to be hidden. Though the NTFS filesystem allows for a 32000 character path, Microsoft Windows operating systems...
quagga: BGP session reset by processing BGP Update message with malformed AS-path attributes
bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service session reset via a malformed ASPATHLIMIT path attribute...
Microsoft Windows NT 4.0/2000 - NTFS File Hiding
source: https://www.securityfocus.com/bid/3989/info There exists a condition in Microsoft Windows operating systems using NTFS that may allow for files to be hidden. Though the NTFS filesystem allows for a 32000 character path, Microsoft Windows operating systems NT4, 2000 and XP enforce a 256...