210 matches found
EUVD-2026-34832
Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service TCP port 9090 and the HTTP JSON-RPC endpoint /jsonrpc.js. The query accepts a folder parameter and lists its contents with no restriction to the...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: jfs: fixed an array-index-out-of-bounds issue in jfs_readdir. The stbl might contain some invalid values. A check was added to return an error code in such cases...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ceph: A memory leak was fixed in ceph_readdir when note_last_dentry returns an error. last_readdir was reset at the same time, and a comment was added explaining why last_readdir is not freed when dir_emit returns false...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: jfs: Fixed an array-index-out-of-bounds read in add_missing_indices. stbl is a signed 8-bit value, but its offset must be within a range of 0 to 127. A bound check was added for this error, and if the check fails, the error code -E...
SUSE CVE-2026-31694
In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache. fuse_add_dirent_to_cache() computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existing logic only checks...
Linux Distros Unpatched Vulnerability : CVE-2026-31694
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fuse: reject oversized dirents in page cache. fuse_add_dirent_to_cache() computes a serialized dirent size from the server-controlled namelen field and copies the dire...
CVE-2026-31694
In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache. fuse_add_dirent_to_cache() computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existing logic only checks...
CVE-2026-31694
Summary: CVE-2026-31694 fixes a Linux kernel FUSE directory-entry handling flaw. A malicious FUSE server could cause a 24-byte overflow by returning a dirent whose serialized size (based on namelen) exceeds a single PAGE_SIZE. The bug arises in fuse_add_dirent_to_cache(), which previously only ch...
CVE-2026-31694
In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache. fuse_add_dirent_to_cache() computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existing logic only checks...
CVE-2026-31694 fuse: reject oversized dirents in page cache
In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache. fuse_add_dirent_to_cache() computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existing logic only checks...
PT-2026-36324
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the fuse_add_dirent_to_cache function where the system computes a serialized directory entry (dirent) size based on the server-controlled namelen field and copies it int...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013527)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013527 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds read in add_missing_indices. stbl is s8 but it must contain offse...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013098)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013098 advisory. In the Linux kernel, the following vulnerability has been resolved: nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing. Theoretically it's an...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011349)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011349 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de. Pde is erased from subdir rbtree through rb_erase, but not set...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013099)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013099 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de. Pde is erased from subdir rbtree through rb_erase, but not set...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007630)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007630 advisory. In the Linux kernel, the following vulnerability has been resolved: nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing. Theoretically it's an...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007455)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007455 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de. Pde is erased from subdir rbtree through rb_erase, but not set...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006594)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006594 advisory. In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_readdir when note_last_dentry returns error. Reset the last_readdir at t...
CVE-2026-33670
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue...
CVE-2026-33670 SiYuan has directory traversal within its publishing service
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue...