PT-2026-43851

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in iomap inline data write path The inline data buffer head dibh is being released prematurely in gfs2 iomap begin via release metapath while iomap-inline data still points to dibh-b data. This causes a...

PT-2025-53957

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s jbd2 subsystem related to buffer head reference counting. Specifically, within the jbd2 fc wait bufs function, if a buffer is not up-to-date, the...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992312)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992312 advisory. In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential use-after-free in jbd2fcwaitbufs In 'jbd2fcwaitbufs' use 'bh' after put buffe...

kernel: drivers:md:fix a potential use-after-free bug

A use-after-free bug exists in the linux kernel such that in the line "raid5releasestripesh;" drops the reference to sh and may cause sh to be released. However, sh is subsequently used in lines "if sh-batchhead && sh != sh-batchhead" resulting in a minor application crash...

GO-2024-2800 Argument injection when fetching remote default Git branches in github.com/hashicorp/go-getter

When go-getter is performing a Git operation, go-getter will try to clone the given repository. If a Git reference is not passed along with the Git url, go-getter will then try to check the remote repository's HEAD reference of its default branch by passing arguments to the Git binary on the host...

GHSA-Q64H-39HV-4CF7 HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches

When go-getter is performing a Git operation, go-getter will try to clone the given repository. If a Git reference is not passed along with the Git url, go-getter will then try to check the remote repository’s HEAD reference of its default branch by passing arguments to the Git binary on the host...

HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches

When go-getter is performing a Git operation, go-getter will try to clone the given repository. If a Git reference is not passed along with the Git url, go-getter will then try to check the remote repository’s HEAD reference of its default branch by passing arguments to the Git binary on the host...

NextCloud Cookbook 操作系统命令注入漏洞

NextCloud Cookbook is a recipe from NextCloud, Inc. NextCloud Cookbook has a security vulnerability that stems from the use of an untrusted github.headref field...