317 matches found
CVE-2026-59510
AIL Framework contains a path traversal vulnerability in its PDF object handling. Prior to commit 14c618fce4d1df02358717c48ea903706abecdf2, the PDF.getfilepath function constructed a file path by joining the configured PDF storage directory with a path derived from a PDF object identifier, withou...
CVE-2026-59510
AIL Framework contains a path traversal vulnerability in its PDF object handling. Prior to commit 14c618fce4d1df02358717c48ea903706abecdf2, the PDF.getfilepath function constructed a file path by joining the configured PDF storage directory with a path derived from a PDF object identifier, withou...
PT-2026-55817
Name of the Vulnerable Software and Affected Versions AIL Framework versions prior to commit 14c618fce4d1df02358717c48ea903706abecdf2 Description A path traversal issue exists in the PDF object handling. The PDF.get filepath function constructs a file path by joining the configured PDF storage...
Linux Distros Unpatched Vulnerability : CVE-2026-53422
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and...
CVE-2026-53422
Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...
UBUNTU-CVE-2026-53422
Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...
CVE-2026-53422 SFTP REALPATH path-existence oracle allowing filesystem enumeration outside configured root
Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...
EEF-CVE-2026-53422 SFTP REALPATH path-existence oracle allowing filesystem enumeration outside configured root
Summary Observable Response Discrepancy vulnerability in Erlang OTP ssh ssh\sftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSH\FXP\REALPATH handler in ssh\sftpd calls relate\file\name/3 with...
CVE-2026-53422 SFTP REALPATH path-existence oracle allowing filesystem enumeration outside configured root
Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...
EUVD-2026-41410
Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...
CVE-2026-53422
Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...
CVE-2026-53422
CVE-2026-53422 describes an observable response discrepancy in Erlang/OTP ssh_sftpd where the REALPATH handling bypasses the root check, enabling an authenticated SFTP user to determine the existence of files/directories outside the configured root. The uncanonicalized path can trigger resolve_sy...
CVE-2026-53422 SFTP REALPATH path-existence oracle allowing filesystem enumeration outside configured root
Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...
SUSE CVE-2025-15661
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...
DEBIAN-CVE-2025-15661
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...
CVE-2025-15661
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...
CVE-2025-15661
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...
CVE-2025-15661
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...
CVE-2025-15661
Summary (CVE-2025-15661): libssh2 up to 1.11.1 contains a heap over-read in the sftp_symlink() implementation (src/sftp.c). A crafted SSH_FXP_NAME response can cause a heap buffer over-read when a link_len value exceeds actual packet data during SFTP READLINK/REALPATH, due to missing validation o...
CVE-2025-15661 libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...