28 matches found

AstraLinux
added 2026/05/03 11:59 p.m. · 2 views

Astra Linux - vulnerability in linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: “spufs”: fixed a leak in spufs_create_context(). The fix for the leak was implemented back in 2008; however, it overlooked one case—if we try to set affinity, and spufs_mkdir() fails, we need to remove the reference to the neighbor obje...

CVSS 5.5 · AI score 6.2 · EPSS 0.00108
Exploits: 0 · References: 2

RedhatCVE
added 2026/04/24 8:33 p.m. · 2 views

CVE-2026-35353

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...

CVSS 3.3 · AI score 5.2 · EPSS 0.00012
Exploits: 0 · References: 2

ATTACKERKB
added 2026/04/23 9:57 p.m. · 1 views

CVE-2026-41338

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in applypatch, remove, and mkdir operations to manipulate files between validation and execution...

CVSS 5 · AI score 5.8 · EPSS 0.00013
Exploits: 0 · References: 4

Cvelist
added 2026/04/23 9:57 p.m. · 25 views

CVE-2026-41338 OpenClaw < 2026.3.31 - Time-of-Check-Time-of-Use (TOCTOU) Vulnerability in Sandbox File Operations

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in applypatch, remove, and mkdir operations to manipulate files between validation and execution...

CVSS 5 · EPSS 0.00013
Exploits: 0 · References: 3

Positive Technologies
added 2026/04/23 12:00 a.m. · 2 views

PT-2026-34769

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in apply patch, remove, and mkdir operations to manipulate files between validation and executio...

CVSS 5 · AI score 5.8 · EPSS 0.00013
Exploits: 0 · References: 5

Debian CVE
added 2026/04/22 4:08 p.m. · 1 views

CVE-2026-35353

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...

CVSS 3.3 · AI score 5.3 · EPSS 0.00012
Exploits: 0

Github Security Blog
added 2026/04/10 8:18 p.m. · 9 views

basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands

Summary: basic-ftp's CRLF injection protection added in commit 2ecc8e2 for GHSA-chqc-8p9q-pq6q is incomplete. Two code paths bypass the protectWhitespace control character check: (1) the login method directly concatenates user-supplied credentials into USER/PASS FTP commands without any validation,...

AI score 6.2
Exploits: 0 · References: 4 · Affected Software: 1

Github Security Blog
added 2026/04/10 8:00 p.m. · 3 views

goshs has a file-based ACL authorization bypass in goshs state-changing routes

Summary: goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enforce the same authorization checks for state-changing routes. An unauthenticated attacker can upload files with PUT, upload files with multipart POST /upload,...

CVSS 9.8 · AI score 6 · EPSS 0.00051
Exploits: 1 · References: 5 · Affected Software: 1

Snyk
added 2026/04/03 3:01 a.m. · 0 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition in the applypatch, remove, and mkdir operations within the sandbox workspace process. An attacker can manipulate file system state by...

CVSS 6.3 · AI score 5.9 · EPSS 0.00013
Exploits: 0 · References: 2

Tenable Nessus
added 2025/12/30 12:00 a.m. · 1 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992671)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992671 advisory. In the Linux kernel, the following vulnerability has been resolved: spufs: fix a leak in spufs_create_context(). Leak fixes back in 2008 missed one case - if we are tryin...

CVSS 5.5 · AI score 6.2 · EPSS 0.00108
Exploits: 0 · References: 4

CVE
added 2025/12/08 12:46 a.m. · 12 views

CVE-2025-40307

CVE-2025-40307 affects the Linux kernel exFAT filesystem implementation. The vulnerability arises from validating the allocation bitmap for the exfat cluster allocation, enabling a scenario where, if the allocation bitmap start cluster is 6, cluster 6 could be allocated during mkdir, causing dele...

AI score 6 · EPSS 0.00024
Exploits: 0 · References: 3

Vulnrichment
added 2025/09/17 7:41 p.m. · 1 views

CVE-2025-59349 Directories created via os.MkdirAll are not checked for permissions

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, DragonFly2 uses the os.MkdirAll function to create certain directory paths with specific access permissions. This function does not perform any permission checks when a given directory path...

CVSS 5.1 · AI score 6 · EPSS 0.00023
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/26 12:00 a.m. · 4 views

Solaris 10 (i386): 153094-01

SunOS 5.10: SunOS 5.10x86: mkdir patch. Date this patch was last updated by Sun : Apr/14/25 #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include("compat.inc"); if (description) { script_id(255256); script_version("1.1");...

AI score 7
Exploits: 0 · References: 1

Vulnrichment
added 2025/04/16 2:12 p.m. · 1 views

CVE-2025-22070 fs/9p: fix NULL pointer dereference on mkdir

In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix NULL pointer dereference on mkdir When a 9p tree was mounted with option 'posixacl', parent directory had a default ACL set for its subdirectories, e.g.: setfacl -m default:group:simpsons:rwx parentdir then creating a...

AI score 7.4 · EPSS 0.00017
Exploits: 0 · References: 4

OSV
added 2024/06/19 3:15 p.m. · 1 views

DEBIAN-CVE-2021-47579

In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in ovl_create_real(). Syzbot triggered the following warning in ovl_workdir_create() -> ovl_create_real(): if (!err && WARN_ON(!newdentry->d_inode)) The reason is that the cgroup2 filesystem returns from mkdir without instantiating t...

CVSS 5.5 · AI score 5.4 · EPSS 0.00016
Exploits: 0 · References: 1

CNNVD
added 2024/06/19 12:00 a.m. · 0 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the cgroup2 filesystem not instantiating a new dentry when returning from mkdir...

CVSS 5.5 · AI score 6.5 · EPSS 0.00016
Exploits: 0 · References: 6

CNNVD
added 2024/01/16 12:00 a.m. · 1 views

EasyFTP Security Vulnerability

EasyFTP is an easy-to-use FTP service. A security vulnerability exists in EasyFTP version 1.7.0.2, which originates from an unknown function in the component MKD Command Handler that can easily lead to a buffer overflow...

CVSS 8.8 · AI score 7.2 · EPSS 0.462
Exploits: 1 · References: 4

Positive Technologies
added 2024/01/16 12:00 a.m. · 1 views

PT-2024-10548 · Easyftp · Easyftp

Name of the Vulnerable Software and Affected Versions: EasyFTP version 1.7.0.2 Description: A critical issue was found in the MKD Command Handler component, which can be exploited remotely. The manipulation leads to a buffer overflow. Recommendations: For EasyFTP version 1.7.0.2, at the moment,...

CVSS 8.8 · AI score 7.3 · EPSS 0.462
Exploits: 1 · References: 4

OSV
added 2024/01/08 6:15 p.m. · 1 views

DEBIAN-CVE-2022-3328

Race condition in snap-confine's must_mkdir_and_open_with_perms()...

CVSS 7 · AI score 7.3 · EPSS 0.00059
Exploits: 2 · References: 1

Positive Technologies
added 2019/04/01 12:00 a.m. · 1 views

PT-2019-8949 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology Diskstation Manager DSM versions prior to 6.2-23739-1 Description: A command injection issue exists, allowing remote authenticated users to execute arbitrary OS commands. This can be achieved via the MKD or RMD command...

CVSS 9 · AI score 8.3 · EPSS 0.01442
Exploits: 0 · References: 3