CVE-2026-46223

In the Linux kernel, the following vulnerability has been resolved: cgroup: Defer css percpuref kill on rmdir until cgroup is depopulated A chain of commits going back to v7.0 reworked rmdir to satisfy the controller invariant that a subsystem's -cssoffline must not run while tasks are still doin...

CVE-2026-46160

CVE-2026-46160 concerns the Linux kernel’s btrfs code: when removing a directory, the last_unlink_trans field is not updated, which can cause incorrect fsync behavior if a directory is fsynced after being removed while a file descriptor remains open. This may lead to a log replay failure with -EI...

CVE-2026-45915

In CVE-2026-45915, the Linux kernel FAT filesystem code fixes a parent-link underflow in rmdir. A corrupted FAT image could leave a directory inode with an incorrect i_nlink, causing rmdir to call drop_nlink(dir) and drive i_nlink to 0, triggering a WARN_ON. The patch adds a sanity check in vfat_...

CVE-2026-45915 fat: avoid parent link count underflow in rmdir

In the Linux kernel, the following vulnerability has been resolved: fat: avoid parent link count underflow in rmdir Corrupted FAT images can leave a directory inode with an incorrect inlink e.g. 2 even though subdirectories exist. rmdir then unconditionally calls dropnlinkdir and can drive inlink...

Astra Linux - уязвимость в rustc

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::removedirall standard library function is vulnerable a race condition enabling symlink following CWE-363. A...

CVE-2026-35361

The CVE-2026-35361 issue affects the mknod utility in uutils coreutils. It describes non-atomic handling of security labels for created device nodes: mknod creates the nodes before applying the SELinux context, and on labeling failure attempts cleanup via std::fs::remove_dir, which cannot remove ...

CVE-2026-27181

MajorDoMo aka Major Domestic Module allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr'mode' from $REQUEST and assigns it to $this-mode at the start of execution, making all mode-gated code paths reachable without...

SUSE CVE-2015-4025

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to 1...

SUSE CVE-2022-21658

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::removedirall standard library function is vulnerable a race condition enabling symlink following CWE-363. A...

GSD-2022-1001289 ext4: fix fs corruption when tring to remove a non-empty directory with IO error

ext4: fix fs corruption when tring to remove a non-empty directory with IO error This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by comm...

UBUNTU-CVE-2022-21658

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::removedirall standard library function is vulnerable a race condition enabling symlink following CWE-363. A...

Rust 竞争条件问题漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A Competing Conditions Issue vulnerability exists in Rust that arises from the product's std::fs::removedirall function that does not validate user permissions. An attacker could use this vulnerability to remove...

PT-2019-8949 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology Diskstation Manager DSM versions prior to 6.2-23739-1 Description: A command injection issue exists, allowing remote authenticated users to execute arbitrary OS commands. This can be achieved via the MKD or RMD command...

DEBIAN-CVE-2010-3867

Multiple directory traversal vulnerabilities in the modsitemisc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a 1 SITE MKDIR, 2 SITE RMDIR, 3 SITE SYMLINK...

Codebrws.asp Source Disclosure Vulnerability

Microsoft's IIS 5.0 web server is shipped with a set of sample files to demonstrate different features of the ASP language. One of these sample files allows a remote user to view the source of any file in the web root with the extension .asp, .inc, .htm, or .html. OpenVAS Vulnerability Test $Id:...