129 matches found
samba: vfs_worm does not block directory modification
A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...
samba: vfs_worm does not block directory modification
A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...
samba: vfs_worm does not block directory modification
A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...
samba: vfs_worm does not block directory modification
A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: F2FS: Invalidate the dentry cache when failing to create a whiteout entry. F2FS allows mounting file systems with corrupted directory depth values that are clamped to MAXDIRHASHDEPTH at runtime. When RENAMEWHITEOUT operations are...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Nilfs2: Fixed a kernel bug related to the rename operation on broken directories. Syzbot reported that in the rename operation on broken directories in Nilfs2, the blockwritebeginint function called to prepare block writing may...
Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ovl: Fixed a UAF Use-After-Free in ovldentryupdatereval by moving the dput function within ovllinkup. The issue arose because dputupper was called before ovldentryupdatereval, while upper-dflags was still accessed in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Reject index allocation if $BITMAP is empty but index blocks exist. Index allocation requires at least one bit in the $BITMAP attribute to track the usage of index entries. If the bitmap is empty while index blocks are...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevents renaming with an empty string. A client can send an empty newname string to the ksmbd server. This will cause a kernel error due to dalloc. This patch prevents the error from occurring when attempting to rename a...
CVE-2026-46484 Headplane: Path Traversal + RBAC Bypass in renameNode allows authenticated OIDC users to expire or rename any node/user
Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3...
samba: vfs_worm does not block directory modification
A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...
samba: vfs_worm does not block directory modification
A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...
ALPINE-CVE-2026-2340
A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...
CVE-2026-2340
A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...
CVE-2026-2340 Samba: vfs_worm does not block directory modification
A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...
PT-2026-43869
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ext2 filesystem where the ext2 iget function fails to reject inodes that have a link count i nlink of zero while maintaining a valid mode and a zero deletion time ...
CVE-2026-42590 Gotenberg: ExifTool group-prefix syntax bypasses dangerous-tag blocklist
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...
CVE-2026-44243
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory...
GitPython reference APIs has a path traversal vulnerability that allows arbitrary file write and delete outside the repository
🧾 Summary A vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and...
CVE-2025-71292
Summary (CVE-2025-71292): The Linux kernel JFS component has a vulnerability where, if a directory’s link count (nlink) is at its maximum and a rename operation affects a child directory, the nlink can wrap from -1 to 0, triggering an erroneous drop_nlink warning. Multiple sources indicate this h...