60 matches found
Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions
A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the fs.realpathSync.native function. This vulnerability allows code operating under --permission with restricted --allow-fs-read flags to bypass...
ALPINE-CVE-2026-21715
A flaw in Node.js Permission Model filesystem enforcement leaves fs.realpathSync.native without the required read permission checks, while all comparable filesystem functions correctly enforce them. As a result, code running under --permission with restricted --allow-fs-read can still use...
EUVD-2026-11593
A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Handler. Performing a manipulation of the argument files results in path traversal. Remote exploitation of the attack is possible. The exploit is now...
EUVD-2006-0051
Malware in sbrugna...
EUVD-2018-0059
Malware in sbrugna...
EUVD-2021-27188
Malware in sbrugna...
EUVD-2018-3276
Malware in sbrugna...
SUSE CVE-2006-0043
Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks...
SUSE CVE-2018-14338
samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms other than Apple platforms where glibc is not used, possibly leading to a buffer overflow...
SUSE CVE-2018-14939
The getapppath function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impac...
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value potentially leading to information leakage and disclosure of sensitive data.
...
AZL-10675 CVE-2021-3998 affecting package glibc for versions less than 2.35-7
A flaw was found in glibc. The realpath function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data...
DEBIAN-CVE-2021-3998
A flaw was found in glibc. The realpath function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data...
CVE-2021-3998
A flaw was found in glibc. The realpath function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data...
Design/Logic Flaw
A flaw was found in glibc. The realpath function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data...
CVE-2021-3998
A flaw was found in glibc. The realpath function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data...
CVE-2021-3998
A flaw was found in glibc. The realpath function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data...
UBUNTU-CVE-2021-3998
A flaw was found in glibc. The realpath function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data...
MGASA-2020-0398 Updated libuv packages fix a security vulnerability
The implementation of realpath in libuv before 1.39 incorrectly determined the buffer size, which can result in a buffer overflow if the resolved path is longer than 256 bytes (CVE-2020-8252)...
Arbitrary Code Execution
GNU C Library is vulnerable to arbitrary code execution attacks. This occurs in stdlib/canonicalize.c when processing very long pathname arguments to the realpath function, which may encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and potentially...