537 matches found
SUSE CVE-2026-45915
In the Linux kernel, the following vulnerability has been resolved: fat: avoid parent link count underflow in rmdir Corrupted FAT images can leave a directory inode with an incorrect inlink e.g. 2 even though subdirectories exist. rmdir then unconditionally calls dropnlinkdir and can drive inlink...
CVE-2026-45915
A flaw was found in the Linux kernel's handling of FAT File Allocation Table filesystems. When processing corrupted FAT images, the rmdir function can incorrectly decrement the parent directory's link count. This underflow can lead to a system instability or a denial of service DoS by triggering ...
CVE-2026-45915
In the Linux kernel, the following vulnerability has been resolved: fat: avoid parent link count underflow in rmdir Corrupted FAT images can leave a directory inode with an incorrect inlink e.g. 2 even though subdirectories exist. rmdir then unconditionally calls dropnlinkdir and can drive inlink...
CVE-2026-45915
In CVE-2026-45915, the Linux kernel FAT filesystem code fixes a parent-link underflow in rmdir. A corrupted FAT image could leave a directory inode with an incorrect i_nlink, causing rmdir to call drop_nlink(dir) and drive i_nlink to 0, triggering a WARN_ON. The patch adds a sanity check in vfat_...
CVE-2026-45915 fat: avoid parent link count underflow in rmdir
In the Linux kernel, the following vulnerability has been resolved: fat: avoid parent link count underflow in rmdir Corrupted FAT images can leave a directory inode with an incorrect inlink e.g. 2 even though subdirectories exist. rmdir then unconditionally calls dropnlinkdir and can drive inlink...
CVE-2026-45915
In the Linux kernel, the following vulnerability has been resolved: fat: avoid parent link count underflow in rmdir Corrupted FAT images can leave a directory inode with an incorrect inlink e.g. 2 even though subdirectories exist. rmdir then unconditionally calls dropnlinkdir and can drive inlink...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the rmdir operation in the FAT file system does not check the inlink value of the...
PT-2026-43782
In the Linux kernel, the following vulnerability has been resolved: fat: avoid parent link count underflow in rmdir Corrupted FAT images can leave a directory inode with an incorrect i nlink e.g. 2 even though subdirectories exist. rmdir then unconditionally calls drop nlinkdir and can drive i...
Linux Distros Unpatched Vulnerability : CVE-2026-45915
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fat: avoid parent link count underflow in rmdir Corrupted FAT images can leave a directory...
CVE-2026-45915
fat: avoid parent link count underflow in rmdir...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: fat: Fix for uninitialized fields in nostale filehandles When the function fatencodefhnostale encodes a file handle without a parent handle, it only stores the first 10 bytes of the file handle. However, the length of the file...
Authorization Bypass Through User-Controlled Key
Overview fatfreecrm is a customer relationship management platform. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the destroy action in app/controllers/emailscontroller.rb. An attacker can delete another user’s email record by sending...
Fat Free CRM has BOLA in DELETE /emails/:id - Any authenticated user can hit this endpoint and delete emails by ID
Impact Authenticated users can delete emails imported into the system assigned to another user; where the Email Dropbox is in use. Patches Fixed in v0.26.0 Workarounds Disable use of email dropbox...
GHSA-9PM8-VWC5-W2HM Fat Free CRM has BOLA in DELETE /emails/:id - Any authenticated user can hit this endpoint and delete emails by ID
Impact Authenticated users can delete emails imported into the system assigned to another user; where the Email Dropbox is in use. Patches Fixed in v0.26.0 Workarounds Disable use of email dropbox...
SUSE-SU-2026:20592-1 Security update for 7zip
This update for 7zip fixes the following issues: - Update to 25.01 boo1249130 The code for handling symbolic links has been changed to provide greater security when extracting files from archives Command line switch -snld20 can be used to bypass default security checks when creating symbolic link...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002207)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002207 advisory. Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service system crash...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001879)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001879 advisory. Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service system crash...
CVE-2016-10722
partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the markreservedsectors function. An attacker may be able to execute arbitrary code in the context of the user running the affected...
CVE-2025-23915
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in roninwp FAT Event Lite fat-event-lite allows PHP Local File Inclusion.This issue affects FAT Event Lite: from n/a through = 1.1...
EUVD-2025-201192
In the Linux kernel, the following vulnerability has been resolved: vfat: fix missing sbminblocksize return value checks When emulating an nvme device on qemu with both logicalblocksize and physicalblocksize set to 8 KiB, but without format, a kernel panic was triggered during the early boot stag...