36 matches found
EUVD-2026-1425
Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safejoin function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are implicitly present...
Werkzeug safe_join() allows Windows special device names
Werkzeug's safejoin function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. sendfromdirectory uses safejoin to safely serve files at user-specified paths under a director...
EUVD-2011-3227
Malware in sbrugna...
EUVD-2024-3267
Malicious code in bioql PyPI...
CVE-2024-51756
The cap-std project is organized around the eponymous cap-std crate, and develops libraries to make it easy to write capability-based code. cap-std's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however i...
CVE-2024-51745
Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special device filenames which use superscript digits,...
CVE-2024-51756
The cap-std project is organized around the eponymous cap-std crate, and develops libraries to make it easy to write capability-based code. cap-std's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however i...
CVE-2024-51756
The CVE affects cap-std’s Windows filesystem sandbox, where access to special device filenames with superscript digits (e.g., COM¹, LPT⁰) was not blocked, allowing untrusted paths to bypass the sandbox and reach peripheral devices or network-shared resources mapped to those devices. Root cause: t...
CVE-2024-51756 cap-std doesn't fully sandbox all the Windows device filenames
The cap-std project is organized around the eponymous cap-std crate, and develops libraries to make it easy to write capability-based code. cap-std's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however i...
CVE-2024-51756 cap-std doesn't fully sandbox all the Windows device filenames
The cap-std project is organized around the eponymous cap-std crate, and develops libraries to make it easy to write capability-based code. cap-std's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however i...
CVE-2024-51745 Wasmtime doesn't fully sandbox all the Windows device filenames
Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special device filenames which use superscript digits,...
Bytecode Alliance Wasmtime 安全漏洞
Bytecode Alliance Wasmtime is a standalone WebAssembly and WASI-only wasm optimization software open-sourced by Bytecode Alliance. A security vulnerability exists in Bytecode Alliance Wasmtime that stems from a file system sandbox implementation on Windows that does not block access to special...
Apple’s Hackable iPhones Are Finally Here
Last year, Apple announced a special device just for hackers. The phone—for approved researchers only—will soon go into circulation...
GLSA-201808-02 : LinuX Containers user space utilities: Arbitrary file read
The remote host is affected by the vulnerability described in GLSA-201808-02 LinuX Containers user space utilities: Arbitrary file read lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check...
DEBIAN-CVE-2011-3263
zabbixagentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows context-dependent attackers to cause a denial of service CPU consumption by executing the vfs.file.cksum command for a special device, as demonstrated by the /dev/urandom device...
Cherokee Web-server DoS
Crash on DOS special device name...
USN-914-1: Linux kernel vulnerabilities
Mathias Krause discovered that the Linux kernel did not correctly handle missing ELF interpreters. A local attacker could exploit this to cause the system to crash, leading to a denial of service. CVE-2010-0307 Marcelo Tosatti discovered that the Linux kernel's hardware virtualization did not...
CVE-2008-1353
zabbixagentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service CPU and connection consumption via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero...
CVE-2008-1353
zabbixagentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service CPU and connection consumption via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero...
CVE-2008-1353
zabbixagentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service CPU and connection consumption via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero...