1867 matches found
USN-8488-1 linux, linux-aws, linux-gcp, linux-ibm, linux-oracle, linux-realtime vulnerabilities
It was discovered that some AMD processors did not properly clear data in the floating point divider unit during speculative execution. A local attacker could use this to expose sensitive information. CVE-2025-54505 Several security issues were discovered in the Linux kernel. An attacker could...
CVE-2026-48935
A flaw in the Node.js Permission API can cause file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
EUVD-2026-39608
A flaw in the Node.js Permission API can cause file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
EUVD-2026-37006
i18next-http-middleware: MissingKeyHandler does not reject keys whose segments contain prototype-polluting names...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Added a check for the negative value of db_l2nbperpage. l2nbperpage is log2(number of blks per page), and the minimum legal value should be 0, not negative. If l2nbperpage is negative, an error will occur when it is...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: btrfs: Replace BTRFS_MAX_EXTENT_SIZE with fs_info->max_extent_size. In a zoned filesystem, data writing is limited by max_zone_append_size. A large ordered extent is split according to the size of a bio. On the other hand, the number of...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fs/dax: Fixed the issue of “not skipping locked entries when scanning entries”. The commit 6be3e21d25ca “fs/dax: not skipping locked entries when scanning entries” introduced a new function, wait_entry_unlocked_exclusive(), which waits...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ipc: A memory leak has been fixed in init_mqueue_fs(). When setup_mq_sysctls() failed in init_mqueue_fs(), the mqueue_inode_cachep is not released. To address this issue, the release path has been reordered...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ipc: mqueue: A possible memory leak has been fixed in init_mqueue_fs(). The commit number is db7cfc380900 "ipc: Free mq_sysctls if ipc namespace creation failed". This is a similar memory leak to the one fixed by the above patch. The...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: exfat: fixed a potential deadlock in exfat_get_dentry_set(). When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array is allocated in exfat_get_dentry_set(). The problem is that the bh-array is allocated using GFP_KERNEL. Thi...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: fs/jfs: prevented double-free in dbUnmount() after failed jfs_remount(). Syzkaller reported the following issue: BUG: KASAN: double-free in slab_free mm/slub.c:3787...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: io_uring: Fixed a fget leak when the file system does not support nowait buffered reads. Heming reported a bug when using io_uring for link-cp operations on ocfs2. [1] The following steps can reproduce this bug: mount -t ocfs2 /dev/v...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, lock the FTE when checking whether it is active. The referenced commits introduced a two-step process for deleting FTEs: - Lock the FTE, delete it from the hardware, set the hardware deletion function to NULL...
CVE-2026-48713
CVE-2026-48713 affects i18next-fs-backend prior to 2.6.6. The issue arises when crafted missing-key strings are persisted via missingKeyHandler, where Backend.writeFile() splits keys on keySeparator and the path walker could reach Object.prototype (e.g., a key like "__proto__.polluted"), allowing pr...
NPM: vite: `server.fs.deny` bypass on Windows alternate paths
NPM: vite: server.fs.deny bypass on Windows alternate paths vulnerability discovered by ? in WordPress Npm vite versions = 6.4.2...
GHSA-78V8-VPJP-CJQH PDM wheel installation leads to Path Traversal via overridden write_to_fs
InstallDestination.write_to_fs in src/pdm/installers/installers.py overrides the base class to add symlink/hardlink support but replaces the safe _path_with_destdir, which validates via Path.resolve() + is_relative_to(), with a bare os.path.join that performs no path validation. A malicious wheel with travers...
CVE-2026-42535
A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue...
OESA-2026-2557 kata-containers security update
This is a core component of Kata Containers; to make it work, you need an isulad/docker engine. Security fixes: This vulnerability was fixed in Kata Containers 3.31.0. Description: In the runtime-rs standalone virtio-fs path, Kata Containers runs virtiofsd as root with --sandbox none --seccom...