40 matches found

Vulnrichment
added 2026/05/27 9:5 p.m. | 2 views

CVE-2026-45152 uniget: Command Injection in tool.Check Leading to Arbitrary Code Execution

uniget is a universal installer and updater for container tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is loaded directly from untrusted JSON metadata without...

CVSS 7.8 | AI score 6.3 | EPSS 0.00038
Exploits: 0 | References: 1

Snyk
added 2026/03/20 8:49 p.m. | 2 views

Directory Traversal

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal in the import.json.php endpoint when handling the fileURI parameter. An authenticated user with upload permissions can access and copy private...

CVSS 8.1 | AI score 6.3 | EPSS 0.00106
Exploits: 1 | References: 2

Positive Technologies
added 2025/11/11 12:0 a.m. | 2 views

PT-2025-46238

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server Java affected versions not specified Description An information disclosure issue exists in SAP NetWeaver Application Server Java. An unauthenticated attacker can access internal metadata files through crafted...

CVSS 5.3 | AI score 6.2 | EPSS 0.00292
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-3761

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 4.9 | EPSS 0.00165
Exploits: 0 | References: 8

SUSE CVE
added 2025/09/18 11:37 p.m. | 1 view

SUSE CVE-2023-53440

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix sysfs interface lifetime The current nilfs2 sysfs support has issues with the timing of creation and deletion of sysfs entries, potentially leading to null pointer dereferences, use-after-free, and lockdep warnings...

CVSS 5.5 | AI score 6.5 | EPSS 0.00017
Exploits: 0 | References: 7

RedhatCVE
added 2025/09/18 8:28 p.m. | 1 view

CVE-2023-53440

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix sysfs interface lifetime The current nilfs2 sysfs support has issues with the timing of creation and deletion of sysfs entries, potentially leading to null pointer dereferences, use-after-free, and lockdep warnings...

CVSS 5.5 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 4

CVE
added 2025/09/18 4:4 p.m. | 13 views

CVE-2023-53440

In CVE-2023-53440, the Linux kernel nilfs2 sysfs interface had lifetime timing issues that could lead to inode NULL pointer dereferences or use-after-free, and lockdep warnings. Specifically, nilfs_sysfs_create_device_group creates sysfs attributes for per-filesystem metadata (cpfile, sufile, dat...

CVSS 5.5 | AI score 6.1 | EPSS 0.00017
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2025/09/18 4:4 p.m. | 2 views

CVE-2023-53440 nilfs2: fix sysfs interface lifetime

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix sysfs interface lifetime The current nilfs2 sysfs support has issues with the timing of creation and deletion of sysfs entries, potentially leading to null pointer dereferences, use-after-free, and lockdep warnings...

CVSS 5.5 | AI score 5 | EPSS 0.00017
Exploits: 0 | References: 11

Positive Technologies
added 2025/09/18 12:0 a.m. | 2 views

PT-2025-38459

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The nilfs2 sysfs support in the Linux kernel has issues with the timing of creation and deletion of sysfs entries. This can lead to null pointer dereferences, use-after-free conditions,...

AI score 6.2 | EPSS 0.00017
Exploits: 0 | References: 12

OSV
added 2025/09/15 2:49 p.m. | 2 views

CVE-2022-50336 fs/ntfs3: Add null pointer check to attr_load_runs_vcn

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add null pointer check to attr_load_runs_vcn Some metadata files are handled before MFT. This adds a null pointer check for some corner cases that could lead to NPD while reading these metadata files for a malformed NTFS...

CVSS 5.5 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 7

CVE
added 2025/09/15 2:49 p.m. | 12 views

CVE-2022-50336

CVE-2022-50336 – Linux kernel (fs/ntfs3) Root cause: a missing null pointer check in attr_load_runs_vcn when parsing certain NTFS metadata before MFT could permit a kernel NULL pointer dereference on malformed images. Impact: kernel crash/free crash (NPD) resulting from NULL dereference in ntfs-r...

CVSS 5.5 | AI score 5.7 | EPSS 0.00022
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/03/28 2:48 p.m. | 3 views

GHSA-Q6R9-R9PW-4CF7 tough failure to detect delegated target rollback

Summary When updating the snapshot role, TUF clients should ensure that any previously encountered targets or delegated targets metadata files continue to be present in new snapshot metadata files. Likewise, the new targets and delegated targets metadata versions must be greater than or equal to...

CVSS 5.7 | AI score 6.1 | EPSS 0.00245
Exploits: 0 | References: 6

NVD
added 2024/11/09 11:15 a.m. | 14 views

CVE-2024-50230

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of checked flag Syzbot reported that in directory operations after nilfs2 detects filesystem corruption and degrades to read-only, __block_write_begin_int(), which is called to prepare bloc...

CVSS 7.8 | EPSS 0.00014
Exploits: 0 | References: 10

Cvelist
added 2024/11/09 10:14 a.m. | 15 views

CVE-2024-50230 nilfs2: fix kernel bug due to missing clearing of checked flag

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of checked flag Syzbot reported that in directory operations after nilfs2 detects filesystem corruption and degrades to read-only, __block_write_begin_int(), which is called to prepare bloc...

EPSS 0.00014
Exploits: 0 | References: 8

CVE
added 2024/07/30 7:46 a.m. | 114 views

CVE-2024-42105

CVE-2024-42105 – nilfs2 inode range/UAF fixes in Linux kernel: The referenced security issue is mitigated by a patch series for nilfs2 that fixes a use-after-free and several inode-number range problems. Specifically, nilfs->ns_first_ino (the first non-reserved inode) was read from the superb...

CVSS 7.8 | AI score 6.7 | EPSS 0.00013
Exploits: 0 | References: 9 | Affected Software: 1

Veeam
added 2023/09/08 12:0 a.m. | 17 views

Validator CLI Tool Fails to Process VMs in Per-machine backup with separate metadata files

Challenge When attempting to use the Veeam Backup Validator command-line tool to validate the VMs contained within a job that was using the Per-machine backup with separate metadata files aka True Per-VM backup chain format, the Veeam Backup Validator tool throws the error: Cannot find last point...

AI score 6.7
Exploits: 0 | Affected Software: 1

Debian CVE
added 2023/05/08 3:52 p.m. | 10 views

CVE-2023-30551

Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of...

CVSS 7.5 | AI score 7.5 | EPSS 0.00525
Exploits: 0

OSV
added 2023/02/07 9:12 a.m. | 9 views

SUSE-SU-2022:3198-2 Security update for php8-pear

This update for php8-pear fixes the following issues: - Add php8-pear to SLE15-SP4 jscSLE-24728 - Update to 1.10.21 - PEAR 1.10.13 unsupported protocol - use --force to continue Add $this operator to determineIfPowerpc calls - Update to 1.10.20 - ArchiveTar 1.4.14 Properly fix symbolic link path...

CVSS 7.1 | AI score 7.5 | EPSS 0.03018
Exploits: 0 | References: 2

RedhatCVE
added 2022/11/08 3:55 a.m. | 205 views

CVE-2022-3621

A flaw was found in the NILFS2 file system implementation in the Linux kernel. If the i_mode field in inode of the metadata files is corrupted on the disk, it can cause the initialization of the bmap structure not being called, resulting in a NULL pointer dereference at nilfs_bmap_lookup_at_level(). A...

CVSS 6.5 | AI score 2.5 | EPSS 0.00118
Exploits: 0 | References: 3

OSV
added 2022/09/08 8:36 a.m. | 6 views

SUSE-SU-2022:3198-1 Security update for php8-pear

This update for php8-pear fixes the following issues: - Add php8-pear to SLE15-SP4 jscSLE-24728 - Update to 1.10.21 - PEAR 1.10.13 unsupported protocol - use --force to continue Add $this operator to determineIfPowerpc calls - Update to 1.10.20 - ArchiveTar 1.4.14 Properly fix symbolic link path...

CVSS 7.1 | AI score 7.5 | EPSS 0.03018
Exploits: 0 | References: 2