SUSE CVE-2026-28380
Any Editor could delete any snapshot, even if they have no access to read or write them...
EUVD-2026-30140
Any Editor could delete any snapshot, even if they have no access to read or write them...
UBUNTU-CVE-2026-28380
Any Editor could delete any snapshot, even if they have no access to read or write them...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990863)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990863 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUG_ON(refs == 0), which...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986474)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986474 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUG_ON(refs == 0), which...
EUVD-2024-1120
Malicious code in bioql PyPI...
CVE-2024-52561
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 build 55740. When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change...
CVE-2024-46840
...
SUSE CVE-2024-46840
In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUG_ON(refs == 0), which could be unkind since we aren't holding a lock on the extent leaf and thus could get a transient incorrect answer. In walk_down_proc we...
SUSE CVE-2022-48901
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not start relocation until in progress drops are done We hit a bug with a recovering relocation on mount for one of our file systems in production. I reproduced this locally by injecting errors into snapshot delete with...
CVE-2022-48901
A flaw was found in the btrfs module in the Linux Kernel. In some conditions, a race condition can allow operations to run at the same time, causing an assertion failure, resulting in a denial of service...
CVE-2022-48901
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not start relocation until in progress drops are done We hit a bug with a recovering relocation on mount for one of our file systems in production. I reproduced this locally by injecting errors into snapshot delete with...
UBUNTU-CVE-2022-48901
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not start relocation until in progress drops are done We hit a bug with a recovering relocation on mount for one of our file systems in production. I reproduced this locally by injecting errors into snapshot delete with...
CVE-2022-48901 btrfs: do not start relocation until in progress drops are done
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not start relocation until in progress drops are done We hit a bug with a recovering relocation on mount for one of our file systems in production. I reproduced this locally by injecting errors into snapshot delete with...
CVE-2022-48901
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not start relocation until in progress drops are done We hit a bug with a recovering relocation on mount for one of our file systems in production. I reproduced this locally by injecting errors into snapshot delete with...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that if snapshot deletion and balancing operations are run concurrently in a production environment...
Rocky Linux 9 : grafana (RLSA-2024:2568)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2568 advisory. - It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE...
SUSE SLES12 Security Update : SUSE Manager Client Tools (SUSE-SU-2024:1508-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1508-1 advisory. - A user changing their email after signing up and verifying it can change it without verification in profile settings. The...
Grafana Labs 9.5 < 9.5.18, 10.0 < 10.0.13, 10.1 < 10.1.9, 10.2 < 10.2.6, 10.3 < 10.3.5 (CVE-2024-1313)
The version of Grafana Labs installed on the remote host is prior to 9.5.18, 10.0.13, 10.1.9, 10.2.6 or 10.3.5. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-1313 advisory. - It is possible for a user in a different organization from the owner of a snapshot to bypass...
BIT-GRAFANA-2024-1313 Users outside an organization can delete a snapshot with its key
It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/ using its view key. This functionality is intended to only be available to individuals with the permission to write/edit ...