209 matches found
CVE-2026-49247
Jellyfin is an open source self hosted media server. From 10.9.0 until 10.11.10, the POST /ClientLog/Document endpoint accepts the Authorization header's Client and Version fields and uses them unsanitized as components of the on-disk filename when persisting client-uploaded log documents. As a...
Directory Traversal
Overview Jellyfin.Common is an a Free Software Media System that puts you in control of managing and streaming your media. Affected versions of this package are vulnerable to Directory Traversal via the POST /ClientLog/Document endpoint, which uses unsanitized values from the Authorization header...
EUVD-2026-38907
In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate group add input before caching BUG OCFS2IOCGROUPADD can trigger a BUGON in ocfs2setnewbufferuptodate: kernel BUG at fs/ocfs2/uptodate.c:509! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP:...
CVE-2026-49247 Jellyfin: Potential Authenticated path traversal in /ClientLog/Document
Jellyfin is an open source self hosted media server. From 10.9.0 until 10.11.10, the POST /ClientLog/Document endpoint accepts the Authorization header's Client and Version fields and uses them unsanitized as components of the on-disk filename when persisting client-uploaded log documents. As a...
CVE-2026-53039
In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate group add input before caching BUG OCFS2IOCGROUPADD can trigger a BUGON in ocfs2setnewbufferuptodate: kernel BUG at fs/ocfs2/uptodate.c:509! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP:...
CVE-2026-53039
CVE-2026-53039 concerns the Linux kernel OCFS2 code where OCFS2_IOC_GROUP_ADD could trigger a BUG_ON in ocfs2_set_new_buffer_uptodate due to validating the group input too late. The root cause is user-controlled group block being cached before ocfs2_verify_group_and_input() validates it, and impr...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify the inode mode when loading from disk. syzbot reports that the SIFMT bits of the inode-imode field can become invalid when the SIFMT bits of the 16-bit “mode” field loaded from disk are corrupted. According to 1,...
PT-2026-51933
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ocfs2 module where the OCFS2 IOC GROUP ADD ioctl can trigger a kernel BUG ON. This occurs because the ocfs2 group add function calls ocfs2 set new buffer uptodate ...
CVE-2026-10645
The Zephyr ext2 filesystem driver subsys/fs/ext2 trusted the on-disk directory entry fields dereclen and denamelen when walking a directory block. ext2fetchdirentry guarded only with denamelen EXT2MAXFILENAME, but denamelen is a uint8t and EXT2MAXFILENAME is 255, so the check is always false; the...
CVE-2026-10645
The Zephyr ext2 filesystem driver subsys/fs/ext2 trusted the on-disk directory entry fields dereclen and denamelen when walking a directory block. ext2fetchdirentry guarded only with denamelen EXT2MAXFILENAME, but denamelen is a uint8t and EXT2MAXFILENAME is 255, so the check is always false; the...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Fixed a shift-out-of-bounds/overflow issue in nilfssb2badoffset. The patch series “nilfs2: Fix UBSAN shift-out-of-bounds warnings during mount time” addresses this issue. The first patch fixes a bug reported by syzbot,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Filter out the EXT4FCREPLAY bit from the on-disk superblock’s sstate field. The EXT4FCREPLAY bit in sbi-smountstate is used to indicate that we are currently replaying the fast commit journal. This was actually a mistake, a...
Astra Linux – Vulnerability in Firefox
The login credentials saved by Firefox should be managed by the Password Manager component, which uses encryption to store files on disk. However, the username not the password was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox versions earlier than 1...
CVE-2026-8612
CVE-2026-8612 affects WWW::Mechanize::Cached
CVE-2026-43895
jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...
PT-2026-39026
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the XFS file system where the l iclog roundoff value is set to 512 if the superblock does not list a log stripe unit. On disks with 4k physical sectors, this results i...
CVE-2026-43166 erofs: fix interlaced plain identification for encoded extents
In the Linux kernel, the following vulnerability has been resolved: erofs: fix interlaced plain identification for encoded extents Only plain data whose start position and on-disk physical length are both aligned to the block size should be classified as interlaced plain extents. Otherwise, it mu...
CVE-2026-43046
A flaw was found in the Linux kernel's btrfs filesystem. This vulnerability allows an attacker with local access to trigger a kernel bug system crash by providing specially crafted, malformed btrfs metadata on disk. Specifically, an invalid state where dropprogress.objectid is non-zero and...
PT-2026-36336
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ksmbd module where the smb inherit dacl function trusts the num aces value from a parent directory's DACL xattr to determine the size of a heap allocation. An...
CVE-2026-31449
A flaw was found in the Linux kernel's ext4 filesystem. A local attacker could exploit this vulnerability by providing a specially crafted or corrupted on-disk extent header. This could cause an out-of-bounds read in memory, potentially leading to information disclosure or a system crash Denial o...