ROS-20260121-73-0028

A vulnerability in the nfsd component of the Linux operating system kernel is related to errors in updating the reference count. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2025-55132

A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via futimes even when the process has only read permissions. Unlike utimes, futimes does not apply the expected write-permission checks, which means file metadata can be modified in read-only...

kernel: Fix of 39 CVEs

Bluetooth: hcisysfs: Fix attempting to call deviceadd multiple times CVE-2022-50419 - firewire: net: fix use after free in fwnetfinishincomingpacket CVE-2023-53432 - wifi: brcmfmac: fix use-after-free bug in brcmfnetdevstartxmit CVE-2022-50408 - wifi: brcmfmac: slab-out-of-bounds read in...

CVE-2026-23950

node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, In which it has...

PT-2026-3680

Name of the Vulnerable Software and Affected Versions Oracle ZFS Storage Appliance Kit version 8.8 Description An easily exploitable issue exists within the Filesystems component of the Oracle ZFS Storage Appliance Kit. A high-privileged attacker with access to the system where the kit executes c...

MiracleLinux 8 : kernel-4.18.0-348.12.2.el8_5 (AXSA:2022-3013:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3013:03 advisory. kernel: xfs: raw block device data leak in XFSIOCALLOCSP IOCTL CVE-2021-4155 kernel: fscontext: heap overflow in legacy parameter handling...

MiracleLinux 9 : libguestfs-winsupport-9.2-2.el9 (AXSA:2023-6554:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6554:02 advisory. NTFS-3G: buffer overflow issue in NTFS-3G can cause code execution via crafted metadata in an NTFS image CVE-2022-40284 Tenable has extracted the preceding...

kernel: NFS: Fix a race when updating an existing write

A flaw use after free in the Linux kernel NFS functionality was found in the way connected user sends malicious data to the server. A remote user could use this flaw to crash the system...

kernel: NFSD: fix hang in nfsd4_shutdown_callback

In the Linux kernel, the following vulnerability has been resolved: NFSD: fix hang in nfsd4shutdowncallback If nfs4client is in courtesy state then there is no point to send the callback. This causes nfsd4shutdowncallback to hang since clcbinflight is not 0. This hang lasts about 15 minutes until...

CLSA-2026-1768824748 kernel: Fix of 7 CVEs

fs/proc: fix uaf in procreaddirde CVE-2025-40271 - fs: fix UAF/GPF bug in nilfsmdtdestroy CVE-2022-2978 - Bluetooth: L2CAP: fix "bad unlock balance" in l2capdisconnectrsp CVE-2023-53297 - net: sched: sfb: fix null pointer access issue when sfbinit fails CVE-2022-50356 - ALSA: usb-audio: Fix size...

kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()

A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The havemonandosdmap function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory...

Microsoft Windows NTFS Code Execution Vulnerability (CNVD-2026-17156)

Microsoft Windows NTFS is a file system from Microsoft USA that serves computer files. The file system has error warning, disk self-healing and logging capabilities. A code execution vulnerability exists in Microsoft Windows NTFS, which can be exploited by an attacker to execute arbitrary code on...

Microsoft Windows NTFS Code Execution Vulnerability

Microsoft Windows NTFS is a file system from Microsoft USA that serves computer files. The file system has error warning, disk self-healing and logging capabilities. A code execution vulnerability exists in Microsoft Windows NTFS, which can be exploited by an attacker to execute arbitrary code on...

ROS-20260119-7389

A vulnerability in the ubifsdumptnc function of the UBIFS file system fs/ubifs/debug.c of the Linux kernel is related to pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260119-7369

A vulnerability in the nfsacldprocgetacl and nfsd3procgetacl functions of the fs/nfsd/nfs2acl.c module of the Linux kernel NFS network file system support is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integri...

ROS-20260119-7352

A vulnerability in the jointransaction function of the fs/btrfs/transaction.c module of the Linux kernel btrfs file system support is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an attacker to affect confidentiality, integrity and availability of...

MiracleLinux 3 : nfs-utils-1.0.9-42.1AXS3 (AXSA:2009-391:02)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2009-391:02 advisory. The nfs-utils package provides a daemon for the kernel NFS server and related tools, which provides a much higher level of performance than the traditional...

EUVD-2026-2923

RustFS is a distributed object storage system built in Rust. From = 1.0.0-alpha.1 to 1.0.0-alpha.79, invalid RPC signatures cause the server to log the shared HMAC secret and expected signature, which exposes the secret to log readers and enables forged RPC calls. In...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-49110: netfilter: conntrack: revisit gc autotuning bsc1237981. CVE-2022-49139: Bluetooth: fix null ptr deref on hcisyncconncompleteevt bsc1238032...

Skipper security vulnerabilities

Skipper is an HTTP router and reverse proxy used for service combinations. Versions of Skipper prior to 0.23.0 have security vulnerabilities. These vulnerabilities stem from the default configuration, which allows untrusted users to create Lua filters, potentially leading to file system access...