Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Validates the index root when initializing NTFS security. This improves the sanity check for $SDH and $SII during the initialization of NTFS security, ensuring that these index roots are legitimate. 162.459513 BUG:...

OpenClaw's message tool media parameter bypasses tool policy filesystem isolation

Summary The message tool accepted mediaUrl and fileUrl aliases without applying the same sandbox localRoots validation as the canonical media path handling. Impact A caller constrained to sandbox media roots could read arbitrary local files by routing them through the alias parameters. Affected...

DEBIAN-CVE-2026-33195

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's DiskServicepathfor does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path...

SUSE CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

SUSE CVE-2022-50737

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate index root when initialize NTFS security This enhances the sanity check for $SDH and $SII while initializing NTFS security, guarantees these index root are legit. 162.459513 BUG: KASAN: use-after-free in...

CVE-2022-50737

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate index root when initialize NTFS security This enhances the sanity check for $SDH and $SII while initializing NTFS security, guarantees these index root are legit. 162.459513 BUG: KASAN: use-after-free in...

UBUNTU-CVE-2022-50737

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate index root when initialize NTFS security This enhances the sanity check for $SDH and $SII while initializing NTFS security, guarantees these index root are legit. 162.459513 BUG: KASAN: use-after-free in...

CVE-2022-50737

CVE-2022-50737 relates to the Linux kernel ntfs3 subsystem. The connected materials describe a fix for validating the NTFS security index roots during NTFS security initialization, addressing a use-after-free scenario illustrated by a KASAN report when mounting NTFS. The resolution enforces that ...

CVE-2022-50737 fs/ntfs3: Validate index root when initialize NTFS security

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate index root when initialize NTFS security This enhances the sanity check for $SDH and $SII while initializing NTFS security, guarantees these index root are legit. 162.459513 BUG: KASAN: use-after-free in...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to validate the index root when initializing NTFS security, which could lead to reuse after release...

EUVD-2023-59782

Malicious code in bioql PyPI...

UBUNTU-CVE-2024-56774

In the Linux kernel, the following vulnerability has been resolved: btrfs: add a sanity check for btrfs root in btrfssearchslot Syzbot reports a null-ptr-deref in btrfssearchslot. The reproducer is using rescue=ibadroots, and the extent tree root is corrupted thus the extent tree is NULL. When...