SUSE CVE-2026-46072

In the Linux kernel, the following vulnerability has been resolved: ntfs3: add buffer boundary checks to rununpack rununpack checks runbuf runlast at the top of the while loop but then reads sizesize and offsetsize bytes via rununpacks64 without verifying they fit within the remaining buffer. A...

CVE-2026-46072 ntfs3: add buffer boundary checks to run_unpack()

In the Linux kernel, the following vulnerability has been resolved: ntfs3: add buffer boundary checks to rununpack rununpack checks runbuf runlast at the top of the while loop but then reads sizesize and offsetsize bytes via rununpacks64 without verifying they fit within the remaining buffer. A...

EUVD-2026-32454

In the Linux kernel, the following vulnerability has been resolved: ntfs3: add buffer boundary checks to rununpack rununpack checks runbuf runlast at the top of the while loop but then reads sizesize and offsetsize bytes via rununpacks64 without verifying they fit within the remaining buffer. A...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Fixed a null-ptr-deref issue in inode-iop in ntfslookup. Syzbot reported a null-ptr-deref bug: ntfs3: loop0: The sector size of NTFS is 1024, while the media sector size is 512. ntfs3: loop0: Marking the volume as...

CVE-2026-43127

In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix circular locking dependency in rununpackex Syzbot reported a circular locking dependency between wnd-rwlock sbi-used.bitmap and ni-file.runlock. The deadlock scenario: 1. ntfsextendmft takes ni-file.runlock then...

CVE-2026-43127

CVE-2026-43127 concerns the Linux kernel ntfs3 component, where a circular locking dependency between wnd->rw_lock and ni->file.run_lock creates an AB-BA deadlock. The deadlock scenario: ntfs_extend_mft() acquires ni->file.run_lock then wnd->rw_lock; run_unpack_ex() acquires wnd->r...

Linux Distros Unpatched Vulnerability : CVE-2026-43127

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntfs3: fix circular locking dependency in rununpackex Syzbot reported a circular locking dependency between wnd-rwlock sbi-used.bitmap and ni-file.runlock. The...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: Fix integer overflow in rununpack The MFT record relative to the file being opened contains its runlist, an array containing information about the file's location on the physical disk. Analysis of all Call Stack paths...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak if ntfsreadmft failed Label ATTRROOT in ntfsreadmft sets isroot = true and ni-niflags |= NIFLAGDIR, then next attr will goto label ATTRALLOC and alloc ni-dir.allocrun. However two states are not always...

Astra Linux - уязвимость в ntfs-3g

In NTFS-3G versions before version 2021.8.22, when a specially crafted MFT section is provided in an NTFS image, a heap buffer overflow may occur, allowing code execution...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Added a overflow check for attribute size. The offset addition could cause an overflow, potentially passing the used size check when processing attributes with very large sizes e.g., 0xffffff7f. This could lead to...

Astra Linux - уязвимость в ntfs-3g

NTFS-3G versions 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root...

📄 GoAnywhere MFT 7.9.1 HTML Injection

GoAnywhere MFT versions prior to 7.10.0 are affected by an HTML injection vulnerability in the email templating functionality. If an attacker is able to influence the content of a template variable, malicious HTML can be embedded into outgoing emails generated by the application. As these message...

EUVD-2025-209540

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

EUVD-2026-24130

User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure...

CVE-2026-0972

HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...

CVE-2025-14362

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force...

CVE-2026-1089 User‑Controlled HTTP Header In Fortra's GoAnywhere MFT Allows Arbitrary DNS Lookups

User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure...

CVE-2026-1089 User‑Controlled HTTP Header In Fortra's GoAnywhere MFT Allows Arbitrary DNS Lookups

User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure...

CVE-2026-0972

CVE-2026-0972 concerns Fortra’s GoAnywhere MFT up to version 7.10.0. Connected sources document two concrete issues: 1) HTML injection in system-generated emails, and 2) the SFTP login limit is not enforced prior to 7.10.0 when a user logs in with an SSH key, potentially enabling brute-force key ...