18 matches found

SUSE CVE
added 2026/05/12 3:30 a.m. | 2 views

SUSE CVE-2026-43408

In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing ceph_path_info initializers. ceph_mdsc_build_path() must be called with a zero-initialized ceph_path_info parameter, or else the following ceph_mdsc_free_path_info() may crash. Example crash on Linux 6.18.12:...

CVSS 7.8 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 3
EUVD
added 2026/05/08 3:31 p.m. | 5 views

EUVD-2026-28714

In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing ceph_path_info initializers. ceph_mdsc_build_path() must be called with a zero-initialized ceph_path_info parameter, or else the following ceph_mdsc_free_path_info() may crash. Example crash on Linux 6.18.12:...

AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 5
UbuntuCve
added 2026/05/08 3:16 p.m. | 5 views

CVE-2026-43408

In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing ceph_path_info initializers. ceph_mdsc_build_path() must be called with a zero-initialized ceph_path_info parameter, or else the following ceph_mdsc_free_path_info() may crash. Example crash on Linux 6.18.12:...

CVSS 7.8 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 6
Cvelist
added 2026/05/08 2:21 p.m. | 24 views

CVE-2026-43419 ceph: fix memory leaks in ceph_mdsc_build_path()

In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leaks in ceph_mdsc_build_path(). Add putname calls to error code paths that did not free the "path" pointer obtained by getname. If ownership of this pointer is not passed to the caller via pathinfo.path, the function...

EPSS 0.00013
Exploits: 0 | References: 5
CVE
added 2026/05/08 2:21 p.m. | 8 views

CVE-2026-43408

CVE-2026-43408 concerns the Linux kernel Ceph path handling: a missing zero-initialization of ceph_path_info before ceph_mdsc_build_path() calls can lead to crashes when ceph_mdsc_free_path_info() is invoked on error paths. Multiple code paths lacked proper initializers; the recommended fix is to...

CVSS 7.8 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 4 | Affected Software: 1
ATTACKERKB
added 2026/05/08 2:21 p.m. | 5 views

CVE-2026-43408

In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing ceph_path_info initializers. ceph_mdsc_build_path() must be called with a zero-initialized ceph_path_info parameter, or else the following ceph_mdsc_free_path_info() may crash. Example crash on Linux 6.18.12:...

CVSS 7.8 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 5 | Affected Software: 1
CNNVD
added 2026/05/08 12:0 a.m. | 4 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ceph_mdsc_build_path function not releasing the path pointer obtained through getname, resulting...

CVSS 5.5 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/08 12:0 a.m. | 6 views

PT-2026-39069

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Ceph component of the Linux kernel where the ceph_mdsc_build_path function is called without a zero-initialized ceph_path_info parameter. If ceph_mdsc_build_path...

CVSS 7.8 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 7
Vulnrichment
added 2026/03/31 1:56 a.m. | 2 views

CVE-2026-34054 openssl on Windows built with openssldir set from the build machine (Uncontrolled Search Path Element)

vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.13, vcpkg's Windows builds of OpenSSL set openssldir to a path on the build machine, making that path be attackable later on customer machines. This issue has been patched in version 3.6.13...

CVSS 7.8 | AI score 5.8 | EPSS 0.00055
Exploits: 0 | References: 3
ATTACKERKB
added 2026/03/31 1:56 a.m. | 1 views

CVE-2026-34054

vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.13, vcpkg's Windows builds of OpenSSL set openssldir to a path on the build machine, making that path be attackable later on customer machines. This issue has been patched in version 3.6.13...

CVSS 7.8 | AI score 5.8 | EPSS 0.00055
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-4672

Malware in sbrugna...

CVSS 8.4 | AI score 8.1 | EPSS 0.00548
Exploits: 1 | References: 11
Tenable Nessus
added 2025/09/10 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-1002153

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission. CVE-2017-1002153 Note that Nessus...

CVSS 7.5 | AI score 7.3 | EPSS 0.00198
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/24 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-14804

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target...

CVSS 9.9 | AI score 7 | EPSS 0.00431
Exploits: 0 | References: 2
Vulnrichment
added 2025/06/16 8:23 p.m. | 2 views

CVE-2025-32799 Conda-build Vulnerable to Path Traversal via Malicious Tar File

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal Tarslip attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal...

CVSS 6.1 | AI score 7.3 | EPSS 0.02175
Exploits: 1 | References: 4
Tenable Nessus
added 2020/12/07 12:0 a.m. | 97 views

openSUSE Security Update : buildah (openSUSE-2020-2106)

This update for buildah fixes the following issues: buildah was updated to v1.17.0 bsc1165184:
- Handle cases where other tools mount/unmount containers
- overlay.MountReadOnly: support RO overlay mounts
- overlay: use fusermount for rootless umounts
- overlay: fix umount
- Switch default log...

CVSS 9.3 | AI score 6.4 | EPSS 0.0041
Exploits: 1 | References: 5
RedHat Linux
added 2019/10/16 9:7 a.m. | 2 views

docker: command injection due to a missing validation of the git ref command

A command injection flaw was discovered in Docker during the docker build command. By providing a specially crafted path argument for the container to build, it is possible to inject command options to the git fetch/git checkout commands that are executed by Docker and to execute code with the...

CVSS 8.4 | AI score 7.6 | EPSS 0.00548
Exploits: 1 | References: 4
Veracode
added 2019/07/25 7:17 a.m. | 45 views

Command Injection

github.com/moby/moby is vulnerable to Command Injection. Misinterpretation of the git ref command as a flag allows an attacker to execute arbitrary code remotely if there is control over the build path issued to the docker build...

CVSS 8.4 | AI score 8.2 | EPSS 0.00548
Exploits: 1 | References: 10 | Affected Software: 2
PyPA
added 2013/08/17 6:54 a.m. | 4 views

PYSEC-2013-9

pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory...

CVSS 2.1 | AI score 6.7 | EPSS 0.00085
Exploits: 0 | References: 8 | Affected Software: 1