111 matches found

OSV
added 2024/08/12 1:38 p.m., 3 views

CVE-2024-6759

When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir3 and related functions to return filesystem entries with names containing additional path components. The lack of validation described...

CVSS 5.3, AI score 5.8, EPSS 0.00676
Exploits: 0, References: 2
Vulnrichment
added 2024/08/11 2:45 a.m., 16 views

CVE-2024-6759 NFS client accepts file names containing path separators

When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir3 and related functions to return filesystem entries with names containing additional path components. The lack of validation described...

AI score 5.2, EPSS 0.00676
Exploits: 0, References: 1
CVE
added 2024/08/11 2:45 a.m., 84 views

CVE-2024-6759

The CVE-2024-6759 issue affects FreeBSD NFS client behavior: the kernel does not sanitize remotely provided filenames containing the path separator "/" when mounting a remote filesystem, allowing readdir(3) and related calls to return entries with extra path components. This creates a confused de...

CVSS 5.3, AI score 6.5, EPSS 0.00676
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2024/08/11 2:45 a.m., 28 views

CVE-2024-6759 NFS client accepts file names containing path separators

When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir3 and related functions to return filesystem entries with names containing additional path components. The lack of validation described...

EPSS 0.00676
Exploits: 0, References: 1
FreeBSD
added 2024/08/07 12:0 a.m., 16 views

FreeBSD -- NFS client accepts file names containing path separators

Problem Description: When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". This allows readdir3 and related functions to return filesystem entries with names containing additional path components. Impact: The la...

CVSS 5.3, AI score 7.2, EPSS 0.00676
Exploits: 0
RustSec
added 2024/05/22 12:0 p.m., 8 views

Traversal outside working tree enables arbitrary code execution

Summary During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details Although gix-worktree-state checks for collisions with existing files, it does not...

CVSS 8.8, AI score 8, EPSS 0.00816
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2024/05/06 12:0 a.m., 37 views

Oracle Linux 9 : runc (ELSA-2024-2180)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-2180 advisory. 4:1.1.12-2 - Switch dependency on criu to Recommends - Resolves: RHEL-25116 Tenable has extracted the preceding description block directly from the...

CVSS 7.5, AI score 7.2, EPSS 0.01618
Exploits: 0, References: 5
RedHat Linux
added 2024/04/30 10:27 a.m., 3 views

golang: io/fs: stack exhaustion in Glob

A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability...

CVSS 7.5, AI score 6.6, EPSS 0.01618
Exploits: 0, References: 6
OSV
added 2024/03/06 11:0 a.m., 16 views

BIT-GOLANG-2022-30630 Stack exhaustion in Glob on certain paths in io/fs

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators...

CVSS 7.5, AI score 7.7, EPSS 0.01618
Exploits: 0, References: 6
OSV
added 2024/03/06 10:59 a.m., 23 views

BIT-GOLANG-2022-30632 Stack exhaustion on crafted paths in path/filepath

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators...

CVSS 7.5, AI score 7.7, EPSS 0.01618
Exploits: 0, References: 6
Tenable Nessus
added 2023/11/07 12:0 a.m., 23 views

Rocky Linux 8 : go-toolset:rhel8 (RLSA-2022:5775)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5775 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...

CVSS 7.5, AI score 7.2, EPSS 0.01875
Exploits: 4, References: 20
RedHat Linux
added 2023/05/16 8:59 a.m., 3 views

golang: io/fs: stack exhaustion in Glob

A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability...

CVSS 7.5, AI score 6.6, EPSS 0.01618
Exploits: 0, References: 6
RedHat Linux
added 2023/05/16 8:59 a.m., 4 views

golang: path/filepath: stack exhaustion in Glob

A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability...

CVSS 7.5, AI score 6.6, EPSS 0.01618
Exploits: 0, References: 6
RedHat Linux
added 2023/05/16 8:49 a.m., 4 views

golang: io/fs: stack exhaustion in Glob

A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability...

CVSS 7.5, AI score 6.6, EPSS 0.01618
Exploits: 0, References: 6
RedHat Linux
added 2023/05/09 10:3 a.m., 2 views

golang: path/filepath: stack exhaustion in Glob

A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability...

CVSS 7.5, AI score 6.6, EPSS 0.01618
Exploits: 0, References: 6
RedHat Linux
added 2023/05/09 10:3 a.m., 2 views

golang: io/fs: stack exhaustion in Glob

A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability...

CVSS 7.5, AI score 6.6, EPSS 0.01618
Exploits: 0, References: 6
RedHat Linux
added 2023/03/15 7:58 p.m., 3 views

golang: io/fs: stack exhaustion in Glob

A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability...

CVSS 7.5, AI score 6.6, EPSS 0.01618
Exploits: 0, References: 6
SUSE CVE
added 2023/02/15 5:27 a.m., 5 views

SUSE CVE-2014-4650

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...

CVSS 5.3, AI score 8.8, EPSS 0.24148
Exploits: 5, References: 40
RedHat Linux
added 2023/01/24 12:51 p.m., 7 views

golang: path/filepath: stack exhaustion in Glob

A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability...

CVSS 7.5, AI score 6.6, EPSS 0.01618
Exploits: 0, References: 6
RedHat Linux
added 2023/01/24 12:51 p.m., 6 views

golang: io/fs: stack exhaustion in Glob

A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability...

CVSS 7.5, AI score 6.6, EPSS 0.01618
Exploits: 0, References: 6