18 matches found
btrfs: fix missing last_unlink_trans update when removing a directory
...
CVE-2026-46223
In the Linux kernel, the following vulnerability has been resolved: cgroup: Defer css percpu_ref kill on rmdir until cgroup is depopulated. A chain of commits going back to v7.0 reworked rmdir to satisfy the controller invariant that a subsystem's ->css_offline() must not run while tasks are still doin...
CVE-2026-46160
CVE-2026-46160 concerns the Linux kernel’s Btrfs filesystem: when removing a directory, last_unlink_trans is not updated, which can lead to incorrect fsync behavior if a directory with an open file descriptor is fsynced after removal. This can cause log replay during mount to fail with -EIO, pote...
CVE-2026-45915 fat: avoid parent link count underflow in rmdir
In the Linux kernel, the following vulnerability has been resolved: fat: avoid parent link count underflow in rmdir. Corrupted FAT images can leave a directory inode with an incorrect i_nlink (e.g. 2) even though subdirectories exist. rmdir then unconditionally calls drop_nlink(dir) and can drive i_nlink...
CVE-2026-45915
In CVE-2026-45915, the Linux kernel FAT filesystem code fixes a parent-link underflow in rmdir. A corrupted FAT image could leave a directory inode with an incorrect i_nlink, causing rmdir to call drop_nlink(dir) and drive i_nlink to 0, triggering a WARN_ON. The patch adds a sanity check in vfat_...
Astra Linux – Vulnerability in RustC
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable due to a race condition that enables symlink creation...
CVE-2026-35361
The CVE-2026-35361 issue affects the mknod utility in uutils coreutils. It describes non-atomic handling of security labels for created device nodes: mknod creates the nodes before applying the SELinux context, and on labeling failure attempts cleanup via std::fs::remove_dir, which cannot remove ...
CVE-2026-27181
MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin() method reads gr('mode') from $_REQUEST and assigns it to $this->mode at the start of execution, making all mode-gated code paths reachable without...
The vulnerability of the PCMan FTP Server relates to the occurrence of operations beyond the buffer boundaries in memory. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the PCMan FTP Server relates to the execution of operations beyond the buffer boundaries during the processing of the RMD parameter. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected...
SUSE CVE-2015-4025
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to 1...
SUSE CVE-2022-21658
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a race condition enabling symlink following (CWE-363). A...
The vulnerability of the `std::fs::remove_dir_all` function in the Rust programming language allows a malicious actor to delete any system files and directories they desire.
The vulnerability of the std::fs::remove_dir_all function in the Rust programming language is related to synchronization errors when using a shared resource. Exploiting this vulnerability could allow an attacker to delete arbitrary system files and directories...
GSD-2022-1001289 ext4: fix fs corruption when tring to remove a non-empty directory with IO error
ext4: fix fs corruption when tring to remove a non-empty directory with IO error This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by comm...
UBUNTU-CVE-2022-21658
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a race condition enabling symlink following (CWE-363). A...
Rust race condition vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A race condition vulnerability exists in Rust that arises from the product's std::fs::remove_dir_all function that does not validate user permissions. An attacker could use this vulnerability to remove...
PT-2019-8949 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology Diskstation Manager DSM versions prior to 6.2-23739-1 Description: A command injection issue exists, allowing remote authenticated users to execute arbitrary OS commands. This can be achieved via the MKD or RMD command...
DEBIAN-CVE-2010-3867
Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK...
Codebrws.asp Source Disclosure Vulnerability
Microsoft's IIS 5.0 web server is shipped with a set of sample files to demonstrate different features of the ASP language. One of these sample files allows a remote user to view the source of any file in the web root with the extension .asp, .inc, .htm, or .html. OpenVAS Vulnerability Test $Id:...