Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1816)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1816 advisory. In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave array update CVE-2026-23171 In the Linux kernel, the following...

ROS-20260608-73-0001

The vulnerability of the cifsgetspnegokey function in the cifs.upcall tool of the cifs-utils package in Linux kernel systems is related to the lack of authentication for the critical function. Exploiting this vulnerability can allow an attacker to elevate their privileges to root and execute...

CVE-2026-11258

An inappropriate implementation flaw was found in the File System Access component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=499078161...

CVE-2026-11078

An insufficient validation of untrusted input flaw was found in the FileSystem component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=499917177...

SUSE CVE-2026-10886

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

SUSE CVE-2026-10931

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-11078

Inappropriate implementation in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2026-11258

Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

SUSE CVE-2025-22242

Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pubret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by...

CVE-2025-43290

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system...

CVE-2026-45252

When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel...

CVE-2026-42443

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fsipg inodes per cylinder group is set to...

CVE-2026-28908

A denial of service issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to modify protected parts of the file system...

CVE-2026-34863

Out-of-bounds write vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2026-41970

Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2026-6418

An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...

CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

CVE-2026-44343

WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the NTFS handler that miscalculates compression-unit buffer size in GetCuSize function. An attacker can achieve arbitrary code execution or application crash by sending data with specially crafted...

OESA-2026-2576 samba security update

Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: A flaw was found in Samba's certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and...