49 matches found
CVE-2026-43420
In the Linux kernel, the following vulnerability has been resolved: ceph: fix inlink underrun during async unlink During async unlink, we drop the inlink counter before we receive the completion that will eventually update the inlink because "we assume that the unlink will succeed". That is not a...
UBUNTU-CVE-2026-43420
In the Linux kernel, the following vulnerability has been resolved: ceph: fix inlink underrun during async unlink During async unlink, we drop the inlink counter before we receive the completion that will eventually update the inlink because "we assume that the unlink will succeed". That is not a...
CVE-2026-43420
In the Linux kernel, the following vulnerability has been resolved: ceph: fix inlink underrun during async unlink During async unlink, we drop the inlink counter before we receive the completion that will eventually update the inlink because "we assume that the unlink will succeed". That is not a...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in cephmdsauthmatch We now free the temporary target path substring allocation on every possible branch, instead of omitting the default branch. In some cases, a memory leak occured, which could rapidly cras...
UBUNTU-CVE-2026-23189
In the Linux kernel, the following vulnerability has been resolved: ceph: fix NULL pointer dereference in cephmdsauthmatch The CephFS kernel client has regression starting from 6.18-rc1. We have issue in cephmdsauthmatch if fsname == NULL: const char fsname = mdsc-fsc-mountoptions-mdsnamespace;...
PT-2026-8197
Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.18-rc1 and later Description The CephFS kernel client contains a flaw in the ceph mds auth match function where a NULL pointer dereference can occur if fs name is NULL. This issue arises during authorization checks with...
EUVD-2019-6808
Malware in sbrugna...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the /api/user/updateuser endpoint. An attacker can gain unauthorized access by exploiting this endpoint to bypass authentication mechanisms. Remediation Upgrade...
SUSE CVE-2025-39927
In the Linux kernel, the following vulnerability has been resolved: ceph: fix race condition validating rparent before applying state Add validation to ensure the cached parent directory inode matches the directory info in MDS replies. This prevents client-side race conditions where concurrent...
AZL-71891 CVE-2025-39927 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: ceph: fix race condition validating rparent before applying state Add validation to ensure the cached parent directory inode matches the directory info in MDS replies. This prevents client-side race conditions where concurrent...
CVE-2025-39927 ceph: fix race condition validating r_parent before applying state
In the Linux kernel, the following vulnerability has been resolved: ceph: fix race condition validating rparent before applying state Add validation to ensure the cached parent directory inode matches the directory info in MDS replies. This prevents client-side race conditions where concurrent...
CVE-2025-39927
CVE-2025-39927 is addressed in the Linux kernel via a Ceph client race fix. The issue occurred when validating r_parent before applying MDS replies, risking stale parent inode references and applying state changes to the wrong directory inode. The fix adds validation to ensure the cached parent i...
CVE-2025-39927 ceph: fix race condition validating r_parent before applying state
In the Linux kernel, the following vulnerability has been resolved: ceph: fix race condition validating rparent before applying state Add validation to ensure the cached parent directory inode matches the directory info in MDS replies. This prevents client-side race conditions where concurrent...
Linux Distros Unpatched Vulnerability : CVE-2020-8903
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role roles/compute.osLogi...
CVE-2020-8903
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from th...
CVE-2019-15897
beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Bypass via communication with a BeeGFS metadata server which is typically not exposed to external networks...
GHSA-MVWQ-HCRJ-F5X9 Apereo CAS has inefficient regular expression complexity
A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The...
DEBIAN-CVE-2022-49296
In the Linux kernel, the following vulnerability has been resolved: ceph: fix possible deadlock when holding Fwb to get inlinedata 1, mount with wsync. 2, create a file with ORDWR, and the request was sent to mds.0: cephatomicopen-- cephmdscdorequestopenc finishopenfile, dentry, cephopen--...
DEBIAN-CVE-2024-56563
In the Linux kernel, the following vulnerability has been resolved: ceph: fix cred leak in cephmdscheckaccess getcurrentcred increments the reference counter, but the putcred call was missing...
SUSE CVE-2023-52732
In the Linux kernel, the following vulnerability has been resolved: ceph: blocklist the kclient when receiving corrupted snap trace When received corrupted snap trace we don't know what exactly has happened in MDS side. And we shouldn't continue IOs and metadatas access to MDS, which may corrupt ...