50 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in node-glob-parent

This affects the glob-parent package before version 5.1.2. The enclosure regex used to check for strings ending with an enclosure containing a path separator is affected...

7.5 CVSS, 7.2 AI score, 0.00964 EPSS
Exploits: 1, References: 1

Tenable Nessus
added 2026/01/19 12:0 a.m., 2 views

MiracleLinux 8 : samba-4.11.2-13.el8 (AXSA:2020-904:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-904:04 advisory. samba: Combination of parameters and permissions can allow user to escape from the share path definition CVE-2019-10197 samba: smb client vulnerable ...

9.1 CVSS, 8.4 AI score, 0.10242 EPSS
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-1421

Malware in sbrugna...

7.5 CVSS, 7.3 AI score, 0.00964 EPSS
Exploits: 1, References: 24

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-4758

Malicious code in bioql PyPI...

7.1 CVSS, 8 AI score, 0.00067 EPSS
Exploits: 0, References: 3

Microsoft CVE
added 2025/09/04 4:14 a.m., 3 views

sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.

...

7.1 CVSS, 7 AI score, 0.00067 EPSS
Exploits: 0

Tenable Nessus
added 2025/08/26 12:0 a.m., 2 views

SUSE SLES15 / openSUSE 15 Security Update : tomcat10 (SUSE-SU-2025:02978-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02978-1 advisory. Updated to Tomcat 10.1.43i: - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configuration...

7.5 CVSS, 8.6 AI score, 0.01247 EPSS
Exploits: 0, References: 9

NVD
added 2025/08/18 5:15 p.m., 3 views

CVE-2025-55214

Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...

6.9 CVSS, 0.00068 EPSS
Exploits: 0, References: 2

Cvelist
added 2025/08/18 4:36 p.m., 7 views

CVE-2025-55214 Copier safe template has filesystem write access outside destination path

Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...

6.9 CVSS, 0.00068 EPSS
Exploits: 0, References: 2

OSV
added 2025/08/04 2:48 p.m., 0 views

GHSA-MM3P-J368-7JCR IPX Allows Path Traversal via Prefix Matching Bypass

Summary The approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path separator. This occurs because the check relies on a raw string prefix comparison. PoC - setup mkdir /public123 move a png file...

6.9 CVSS, 5.9 AI score, 0.00971 EPSS
Exploits: 1, References: 7

OSV
added 2025/03/20 10:15 a.m., 1 views

CVE-2025-0452

eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems via the '/v1/agent/hub/update' endpoint. The application fails to properly filter the '\' character, which is commonly used as a separator in Windows paths. This vulnerability allows attackers to delete...

8.2 CVSS, 8.1 AI score
Exploits: 0, References: 1

OSV
added 2025/02/18 11:15 p.m., 1 views

DEBIAN-CVE-2024-57259

sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation...

6.8 CVSS, 8.2 AI score, 0.00067 EPSS
Exploits: 0, References: 1

OSV
added 2025/02/18 11:15 p.m., 4 views

CVE-2024-57259

sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation...

6.8 CVSS, 7.1 AI score
Exploits: 0, References: 3

SUSE CVE
added 2025/02/18 1:38 p.m., 1 views

SUSE CVE-2024-57259

sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation...

7.1 CVSS, 7.1 AI score, 0.00067 EPSS
Exploits: 0, References: 3

CNNVD
added 2025/02/18 12:0 a.m., 1 views

DENX Software Engineering Das U-Boot security vulnerability

DENX Software Engineering Das U-Boot is a Universal Bootloader from DENX Software Engineering, Germany. A security vulnerability exists in versions prior to DENX Software Engineering Das U-Boot 2025.01-rc1, which stems from a heap memory corruption in squashfs directory listings due to a failure ...

7.1 CVSS, 8 AI score, 0.00067 EPSS
Exploits: 0, References: 3

AlpineLinux
added 2025/02/18 12:0 a.m., 7 views

CVE-2024-57259

sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation...

7.1 CVSS, 7.2 AI score, 0.00067 EPSS
Exploits: 0, References: 3

GitLab Advisory Database
added 2024/12/18 12:0 a.m., 2 views

rage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution

A plugin name containing a path separator may allow an attacker to execute an arbitrary binary...

6.1 AI score
Exploits: 0, References: 6, Affected Software: 1

Tenable Nessus
added 2024/09/21 12:0 a.m., 14 views

FreeBSD : FreeBSD -- NFS client accepts file names containing path separators (c02b8db5-771b-11ef-9a62-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c02b8db5-771b-11ef-9a62-002590c1f29c advisory. When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames fo...

5.3 CVSS, 5.6 AI score, 0.00272 EPSS
Exploits: 0, References: 2

FreeBSD Advisory
added 2024/08/07 12:0 a.m., 17 views

FreeBSD-SA-24:07.nfsclient

FreeBSD-SA-24:07.nfsclient Security Advisory, The FreeBSD Project. Topic: NFS client accepts file names containing path separators. Category: core. Module: NFS client...

5.3 CVSS, 5.9 AI score, 0.00272 EPSS
Exploits: 0

NVD
added 2024/07/02 8:15 p.m., 16 views

CVE-2022-30636

httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator \ vs. /, allowing a user to provide a relative path, i.e...

7.5 CVSS, 0.00189 EPSS
Exploits: 0, References: 3

OSV
added 2024/07/02 8:15 p.m., 10 views

CVE-2022-30636

httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator \ vs. /, allowing a user to provide a relative path, i.e...

6.8 AI score
Exploits: 0, References: 3