CVE-2026-46124 isofs: validate block number from NFS file handle in isofs_export_iget

In the Linux kernel, the following vulnerability has been resolved: isofs: validate block number from NFS file handle in isofsexportiget isofsfhtodentry and isofsfhtoparent pass an attacker- controlled block number ifid-block or ifid-parentblock from the NFS file handle to isofsexportiget, which...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid cycles in the h-tree A maliciously corrupted filesystem can contain cycles in the h-tree stored inside a directory. This can easily lead to the kernel corrupting tree nodes that have already been verified during...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: udf: Avoid excessive partition lengths Avoid mounting filesystems where the partition would overflow the 32-bits used for block number. Also refuse to mount filesystems where the partition length is so large we cannot safely inde...

CVE-2026-1833

The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVE-2026-1833

The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

PT-2026-7504

The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

WordPress WaMate Confirm plugin <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Phone Number Blocking/Unblocking vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Phone Number Blocking/Unblocking vulnerability discovered by Legion Hunter in WordPress Plugin WaMate Confirm versions = 2.0.1...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-46777)

udf: Avoid excessive partition lengths Avoid mounting filesystems where the partition would overflow the 32-bits used for block number. Also refuse to mount filesystems where the partition length is so large we cannot safely index bits in a block bitmap. This plugin only works with Tenable.ot...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990404)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990404 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: avoid cycles in directory h-tree A maliciously corrupted filesystem can contain cycles in t...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990126)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990126 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: avoid cycles in directory h-tree A maliciously corrupted filesystem can contain cycles in t...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986571)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986571 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: Avoid excessive partition lengths Avoid mounting filesystems where the partition would...

SUSE CVE-2022-49343

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid cycles in directory h-tree A maliciously corrupted filesystem can contain cycles in the h-tree stored inside a directory. That can easily lead to the kernel corrupting tree nodes that were already verified under its...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from ext4 not verifying that block numbers in the directory h-tree are unique, which could lead to memory corruption...

SUSE CVE-2024-46777

In the Linux kernel, the following vulnerability has been resolved: udf: Avoid excessive partition lengths Avoid mounting filesystems where the partition would overflow the 32-bits used for block number. Also refuse to mount filesystems where the partition length is so large we cannot safely inde...

SUSE CVE-2013-1819

The xfsbuffind function in fs/xfs/xfsbuf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact by leveraging the ability to mount an XFS filesyst...

SUSE CVE-2021-45868

In the Linux kernel before 5.15.3, fs/quota/quotatree.c does not validate the block number in the quota tree on disk. This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file...

In the Linux kernel before 5.15.3 fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can for example lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.

...

UBUNTU-CVE-2021-45868

In the Linux kernel before 5.15.3, fs/quota/quotatree.c does not validate the block number in the quota tree on disk. This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file...

Trying to use timestamps with blocknumbers

Handle goatbug Vulnerability details Impact requirebondTimestamp + ONEDAY block.number; There are require statements comparing timestamps to blocknumbers. We cannot assume one block per second, this code would not work on different chains where block times radically differ. The effect is having...

Unbreakable Enterprise kernel security update

4.1.12-124.14.2 - scsi: iscsitcp: set BDICAPSTABLEWRITES when data digest enabled Jianchao Wang Orabug: 27726302 - block: fix biowillgap for first bvec with offset Ming Lei Orabug: 27775588 - block: relax check on sg gap Ming Lei Orabug: 27775588 - block: don't optimize for non-cloned bio in...