CVE-2021-47874

VFS for Git 1.0.21014.1 contains an unquoted service path vulnerability in the GVFS.Service Windows service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem...

Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS

TITLE: Race Condition in node-tar Path Reservations via Unicode Sharp-S ß Collisions on macOS APFS AUTHOR: Tomás Illuminati Details A race condition vulnerability exists in node-tar v7.5.3 this is to an incomplete handling of Unicode path collisions in the path-reservations system. On...

EUVD-2026-3595

Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS...

ROS-20260121-73-0028

A vulnerability in the nfsd component of the Linux operating system kernel is related to errors in updating the reference count. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

PT-2026-3826

VFS for Git 1.0.21014.1 contains an unquoted service path vulnerability in the GVFS.Service Windows service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem...

CVE-2025-55132

A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via futimes even when the process has only read permissions. Unlike utimes, futimes does not apply the expected write-permission checks, which means file metadata can be modified in read-only...

kernel: Fix of 39 CVEs

Bluetooth: hcisysfs: Fix attempting to call deviceadd multiple times CVE-2022-50419 - firewire: net: fix use after free in fwnetfinishincomingpacket CVE-2023-53432 - wifi: brcmfmac: fix use-after-free bug in brcmfnetdevstartxmit CVE-2022-50408 - wifi: brcmfmac: slab-out-of-bounds read in...

CVE-2026-23950

node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, In which it has...

MiracleLinux 8 : kernel-4.18.0-348.12.2.el8_5 (AXSA:2022-3013:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3013:03 advisory. kernel: xfs: raw block device data leak in XFSIOCALLOCSP IOCTL CVE-2021-4155 kernel: fscontext: heap overflow in legacy parameter handling...

PT-2026-3680

Name of the Vulnerable Software and Affected Versions Oracle ZFS Storage Appliance Kit version 8.8 Description An easily exploitable issue exists within the Filesystems component of the Oracle ZFS Storage Appliance Kit. A high-privileged attacker with access to the system where the kit executes c...

MiracleLinux 9 : libguestfs-winsupport-9.2-2.el9 (AXSA:2023-6554:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6554:02 advisory. NTFS-3G: buffer overflow issue in NTFS-3G can cause code execution via crafted metadata in an NTFS image CVE-2022-40284 Tenable has extracted the preceding...

kernel: NFSD: fix hang in nfsd4_shutdown_callback

In the Linux kernel, the following vulnerability has been resolved: NFSD: fix hang in nfsd4shutdowncallback If nfs4client is in courtesy state then there is no point to send the callback. This causes nfsd4shutdowncallback to hang since clcbinflight is not 0. This hang lasts about 15 minutes until...

kernel: NFS: Fix a race when updating an existing write

A flaw use after free in the Linux kernel NFS functionality was found in the way connected user sends malicious data to the server. A remote user could use this flaw to crash the system...

CLSA-2026-1768824748 kernel: Fix of 7 CVEs

fs/proc: fix uaf in procreaddirde CVE-2025-40271 - fs: fix UAF/GPF bug in nilfsmdtdestroy CVE-2022-2978 - Bluetooth: L2CAP: fix "bad unlock balance" in l2capdisconnectrsp CVE-2023-53297 - net: sched: sfb: fix null pointer access issue when sfbinit fails CVE-2022-50356 - ALSA: usb-audio: Fix size...

kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()

A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The havemonandosdmap function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory...

MiracleLinux 3 : nfs-utils-1.0.9-42.1AXS3 (AXSA:2009-391:02)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2009-391:02 advisory. The nfs-utils package provides a daemon for the kernel NFS server and related tools, which provides a much higher level of performance than the traditional...

ROS-20260119-7352

A vulnerability in the jointransaction function of the fs/btrfs/transaction.c module of the Linux kernel btrfs file system support is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an attacker to affect confidentiality, integrity and availability of...

ROS-20260119-7369

A vulnerability in the nfsacldprocgetacl and nfsd3procgetacl functions of the fs/nfsd/nfs2acl.c module of the Linux kernel NFS network file system support is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integri...

ROS-20260119-7389

A vulnerability in the ubifsdumptnc function of the UBIFS file system fs/ubifs/debug.c of the Linux kernel is related to pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Microsoft Windows NTFS Code Execution Vulnerability (CNVD-2026-17156)

Microsoft Windows NTFS is a file system from Microsoft USA that serves computer files. The file system has error warning, disk self-healing and logging capabilities. A code execution vulnerability exists in Microsoft Windows NTFS, which can be exploited by an attacker to execute arbitrary code on...