386 matches found
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: UDF: Fixed uninitialized array access for some pathnames. For filenames that start with . and are between 2 and 5 characters long, the UDF charset conversion code would read uninitialized memory from the output buffer. The only...
Astra Linux - vulnerability in pillow
In version 9.0.1, Pillow allows attackers to delete files because spaces in temporary pathnames are mishandled...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ntfs: ->d_compare() must not block. … So don’t use __getname() there. Switch it to kmalloc(PATH_MAX, GFP_NOWAIT). Yes, ntfs_d_hash() can almost certainly handle smaller allocations, but let the ntfs team deal with that—keep the allocation siz...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-017340)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017340 advisory. Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. Tenable has extracted the preceding description block...
Astra Linux - vulnerability in unoconv
The unoconv package before version 0.9 mishandles untrusted pathnames, resulting in SSRF and local file inclusions...
Astra Linux - vulnerability in ntfs-3g
In NTFS-3G versions 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution...
bash: Fix of CVE-2019-9924
CVE-2019-9924: reject attempts to add pathnames containing slashes to the hash table in restricted shell...
CLSA-2026-1777446568 bash: Fix of CVE-2019-9924
CVE-2019-9924: reject attempts to add pathnames containing slashes to the hash table in restricted shell...
JLSEC-2026-289
In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about sdb.cc and similar files in the Singular interface that have predictable /tmp pathname...
EUVD-2026-15886
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal. This issue affects WooCommerce Support Ticket System: from n/a through 18.5...
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2026-1582)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the...
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2026-1610)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005797)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005797 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: Fix uninitialized array access for some pathnames. For filenames that begin with . and are...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005469)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005469 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: Fix uninitialized array access for some pathnames. For filenames that begin with . and are...
CVE-2026-21878 BACnet Stack Improperly Limits Pathnames to a Restricted Directory
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allowing attackers to write files to arbitrary...
Container and Containerization archive extraction does not guard against escapes from extraction base directory.
Summary: The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002691)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002691 advisory. The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service stac...
CVE-1999-0313
disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992397)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992397 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: Fix uninitialized array access for some pathnames. For filenames that begin with . and are...