14 matches found

Github Security Blog
added 2026/04/10 7:50 p.m. (3 views)

xrootd has path traversal in directory listing that allows access to the parent directory via trailing ".." pattern

Summary: A path traversal vulnerability in XRootD allows users to escape the exported directory scope and enumerate the contents of the parent directory by appending /.. (specifically without a trailing slash) to an exported path in xrdfs ls or HTTP PROPFIND requests. This bypass ignores the all.expor...

5.9 AI score
Exploits: 0, References: 4, Affected Software: 1
vulnersOsv
added 2026/04/10 7:50 p.m. (0 views)

pidgen2 (>=0.3.15 <=0.3.20), xrootd-utils (=0.1.0) +1 more potentially affected by unknown CVE via xrootd (>=4.12.7 <=5.8.2)

xrootd PYPI version =4.12.7, =0.3.15, =0.2.2, =1.0.0a1 Source cves: unknown CVE Source advisory: OSV:GHSA-VJ8V-P5VW-M6V5...

5.8 AI score
Exploits: 0
OSV
added 2026/04/10 7:50 p.m. (0 views)

GHSA-VJ8V-P5VW-M6V5 xrootd has path traversal in directory listing that allows access to the parent directory via trailing ".." pattern

Summary: A path traversal vulnerability in XRootD allows users to escape the exported directory scope and enumerate the contents of the parent directory by appending /.. (specifically without a trailing slash) to an exported path in xrdfs ls or HTTP PROPFIND requests. This bypass ignores the all.expor...

5.3 CVSS, 5.9 AI score
Exploits: 0, References: 4
OpenVAS
added 2025/10/28 12:00 a.m. (2 views)

Fedora: Security Advisory (FEDORA-2025-9b8c8ca077)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5 CVSS, 6.8 AI score, 0.00063 EPSS
Exploits: 1, References: 5
EUVD
added 2025/10/07 12:30 a.m. (4 views)

EUVD-2017-1488

Malware in sbrugna...

10 CVSS, 9.4 AI score, 0.0707 EPSS
Exploits: 0, References: 6
Rockylinux
added 2025/03/17 8:16 p.m. (4 views)

firewalld bug fix and enhancement update

An update is available for firewalld. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. firewalld is a firewall service daemon that provides a dynamic customizable...

7.2 AI score
Exploits: 0
SUSE CVE
added 2023/02/15 4:35 a.m. (0 views)

SUSE CVE-2017-1000215

ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution...

10 CVSS, 8.9 AI score, 0.0707 EPSS
Exploits: 0, References: 3
Gentoo Linux
added 2019/03/14 12:00 a.m. (160 views)

XRootD: Remote code execution

Background: A project that aims at giving high performance, scalable, and fault tolerant access to data repositories of many kinds. Description: A shell command injection was discovered in XRootD. Impact: A remote attacker could execute arbitrary code. Workaround: There is no known workaround at this...

10 CVSS, 3.3 AI score, 0.0707 EPSS
Exploits: 0
Tenable Nessus
added 2019/03/14 12:00 a.m. (14 views)

GLSA-201903-11 : XRootD: Remote code execution

The remote host is affected by the vulnerability described in GLSA-201903-11 XRootD: Remote code execution A shell command injection was discovered in XRootD. Impact : A remote attacker could execute arbitrary code. Workaround : There is no known workaround at this time. C Tenable Network Securit...

10 CVSS, 9 AI score, 0.0707 EPSS
Exploits: 0, References: 2
CNVD
added 2017/11/22 12:00 a.m. (3 views)

ROOT xrootd Command Injection Vulnerability

ROOT xrootd is a scalable data repository that features fault-tolerant access and low-latency access. A command injection vulnerability exists in ROOT xrootd 4.6.0 and earlier versions. A remote attacker can exploit this vulnerability to execute commands...

10 CVSS, 7.9 AI score, 0.0707 EPSS
Exploits: 0, References: 1
OSV
added 2017/11/17 8:29 p.m. (9 views)

CVE-2017-1000215

ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution...

9.8 CVSS, 8.4 AI score
Exploits: 0, References: 4
CVE
added 2017/11/17 8:00 p.m. (43 views)

CVE-2017-1000215

CVE-2017-1000215 affects ROOT xrootd versions 4.6.0 and earlier, exposing an unauthenticated shell command injection that enables remote code execution. The vulnerability is documented across multiple advisories (NVD, SUSE, Gentoo GLSA) indicating remote code execution via a shell command injecti...

10 CVSS, 10 AI score, 0.0707 EPSS
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2017/11/17 8:00 p.m. (12 views)

CVE-2017-1000215

ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution...

10 AI score, 0.0707 EPSS
Exploits: 0, References: 4
Debian CVE
added 2017/11/17 8:00 p.m. (14 views)

CVE-2017-1000215

ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution...

10 CVSS, 5.9 AI score, 0.0707 EPSS
Exploits: 0