34 matches found
GHSA-GXJX-7M74-HCQ8 File Browser: FilePath traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames
Summary: filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for backslashes (\ is only a path separator on Windows). A file whose name contains Windows-style traversal ......\evil.txt is accepted by the resource...
PT-2026-49066
Summary: filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for backslashes (\ is only a path separator on Windows). A file whose name contains Windows-style traversal ......evil.txt is accepted by the resource handlers,...
CVE-2026-45864
fs/ntfs3: prevent infinite loops caused by the next valid being the same...
curl: curl --skip-existing has a TOCTOU race that lets a post-check symlink redirect the later download write
Summary: The curl CLI's --skip-existing option performs a separate existence check before the download body is written. In the verified path, curl first calls stat on the target pathname and decides "the file does not exist, so continue", but it does not keep an fd bound to that decision. The...
Linux Distros Unpatched Vulnerability : CVE-2025-40025
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix to do sanity check on node footer for non inode dnode As syzbot reported below: ------------ cut here ------------ kernel BUG at fs/f2fs/file.c:1243!...
EUVD-2003-0495
Malware in sbrugna...
EUVD-2017-18743
Malware in sbrugna...
CVE-2025-38697
The CVE relates to the Linux kernel JFS: an upper bound check in dbAllocAG when computing the tree index could go out of bounds if filesystem metadata is corrupted. This could enable a local attacker to trigger out-of-bounds conditions in JFS data structures. The vulnerability is resolved in the ...
Linux Distros Unpatched Vulnerability : CVE-2025-37785
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with reclen == block size results in...
Linux Distros Unpatched Vulnerability : CVE-2025-37931
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: adjust subpage bit start based on sectorsize When running machines with 64k page size and a 16k nodesize we started seeing tree log corruption in...
kernel: ext4: avoid journaling sb update on error if journal is destroying
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid journaling sb update on error if journal is destroying. Presently we always BUG_ON if trying to start a transaction on a journal marked with JBD2_UNMOUNT, since this should never happen. However, while ltp running stress...
ext4: ignore xattrs past end
...
The vulnerability of the fs/nilfs2 component in the Linux operating system, which allows a hacker to trigger a service failure
The vulnerability of the fs/nilfs2 component in Linux operating systems is related to insufficient blocking mechanisms. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the reiserfs_rename() function in the fs/reiserfs/namei.c module of the Linux file system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the reiserfs_rename function in the fs/reiserfs/namei.c module of the Linux file system support module is related to improper locking of resources. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of protecte...
The vulnerability of the __ocfs2_change_file_space() function in the fs/ocfs2/file.c module of the Linux file system support module allows an attacker to cause a service failure.
The vulnerability of the __ocfs2_change_file_space function in the fs/ocfs2/file.c module of the Linux file system support module is related to incorrect input validation. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the btrfs_get_blocks_direct_write() function in the file system of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the btrfs_get_blocks_direct_write function in the file system of the Linux operating system is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the ext4_xattr_set_entry() function in the fs/ext4/xattr.c module of the Ext4 file system in the Linux operating system allows an attacker to cause a service failure.
The vulnerability of the ext4_xattr_set_entry function in the fs/ext4/xattr.c module of the Ext4 file system in the Linux operating system is related to insufficient resource locking. Exploiting this vulnerability could allow an attacker to cause a service failure...
[SECURITY] Fedora 41 Update: fscrypt-0.3.5-2.fc41
fscrypt is a high-level tool for the management of Linux filesystem encryption. This tool manages metadata, key generation, key wrapping, PAM integration, and provides a uniform interface for creating and modifying encrypted directories...
SUSE CVE-2022-49171
In the Linux kernel, the following vulnerability has been resolved: ext4: don't BUG if someone dirty pages without asking ext4 first unpinuserpagesremote is dirtying pages without properly warning the file system in advance. A related race was noted by Jan Kara in 20181; however, more recently...
DEBIAN-CVE-2022-49337
In the Linux kernel, the following vulnerability has been resolved: ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock. When user_dlm_destroy_lock failed, it didn't clean up the flags it set before exit. For USER_LOCK_IN_TEARDOWN, if this function fails because of lock is still in used, next time wh...