Lucene search
K

129 matches found

RedHat Linux
RedHat Linux
added 2026/06/23 1:27 a.m.9 views

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.8AI score0.00904EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 1:24 a.m.3 views

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.8AI score0.00904EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 1:16 a.m.6 views

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.8AI score0.00904EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 1:7 a.m.3 views

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.8AI score0.00904EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ovl: Fixed a UAF Use-After-Free in ovldentryupdatereval by moving the dput function within ovllinkup. The issue arose because dputupper was called before ovldentryupdatereval, while upper-dflags was still accessed in...

7.8CVSS6.4AI score0.00182EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: F2FS: Invalidate the dentry cache when failing to create a whiteout entry. F2FS allows mounting file systems with corrupted directory depth values that are clamped to MAXDIRHASHDEPTH at runtime. When RENAMEWHITEOUT operations are...

5.4AI score0.00173EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Nilfs2: Fixed a kernel bug related to the rename operation on broken directories. Syzbot reported that in the rename operation on broken directories in Nilfs2, the blockwritebeginint function called to prepare block writing may...

5.5CVSS6.1AI score0.00299EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Reject index allocation if $BITMAP is empty but index blocks exist. Index allocation requires at least one bit in the $BITMAP attribute to track the usage of index entries. If the bitmap is empty while index blocks are...

5.7AI score0.00183EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevents renaming with an empty string. A client can send an empty newname string to the ksmbd server. This will cause a kernel error due to dalloc. This patch prevents the error from occurring when attempting to rename a...

5.5CVSS6.2AI score0.00149EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 7:9 p.m.31 views

CVE-2026-46484 Headplane: Path Traversal + RBAC Bypass in renameNode allows authenticated OIDC users to expire or rename any node/user

Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3...

8.1CVSS0.00374EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/03 9:52 p.m.16 views

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.7AI score0.00904EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/03 3:28 a.m.3 views

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.2AI score0.00904EPSS
Exploits0References5
OSV
OSV
added 2026/05/27 2:16 p.m.7 views

ALPINE-CVE-2026-2340

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.7AI score0.00904EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 2:16 p.m.12 views

CVE-2026-2340

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS0.00904EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/05/27 12:9 p.m.45 views

CVE-2026-2340 Samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS0.00904EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43869

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ext2 filesystem where the ext2 iget function fails to reject inodes that have a link count i nlink of zero while maintaining a valid mode and a zero deletion time ...

9.8CVSS6AI score0.03663EPSS
Exploits15References284
Cvelist
Cvelist
added 2026/05/14 3:36 p.m.51 views

CVE-2026-42590 Gotenberg: ExifTool group-prefix syntax bypasses dangerous-tag blocklist

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...

8.2CVSS0.0029EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/07 6:22 p.m.7 views

CVE-2026-44243

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory...

8.8CVSS5.7AI score0.00419EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 7:38 p.m.7 views

GitPython reference APIs has a path traversal vulnerability that allows arbitrary file write and delete outside the repository

🧾 Summary A vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and...

8.8CVSS5.8AI score0.00419EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/05/06 11:32 a.m.12 views

CVE-2025-71292

Summary (CVE-2025-71292): The Linux kernel JFS component has a vulnerability where, if a directory’s link count (nlink) is at its maximum and a rename operation affects a child directory, the nlink can wrap from -1 to 0, triggering an erroneous drop_nlink warning. Multiple sources indicate this h...

5.5CVSS5.9AI score0.00128EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder