1678 matches found
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: Always detect conflicting inodes when logging inode refs After renaming an inode, either through the rename operation or through regular renames in multiple non-atomic steps, if two inodes exist and at least one of them is...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed to avoid dirent corruption As Al reported in link 1: f2fsrename … if olddir != newdir && !whiteout f2fssetlinkoldinode, olddirentry, olddirpage, newdir; else f2fsputpageolddirpage, 0; You need the correct inumber i...
Astra Linux - уязвимость в u-boot
In “Das U-Boot through 2020.01”, a double-free operation was detected in the cmd/gpt.c file’s dorenamegptparts function. Double-freeing can lead to a “write-what-where” condition, allowing an attacker to execute arbitrary code. NOTE: This vulnerability was introduced when attempting to fix a memo...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed a race condition that occurred due to concurrent opens during the rename2 operation. In addition to sending the rename request to the server, the rename process also involves closing any deferred closes, waitin...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/core: Fixed a use-after-free when renaming device names. Syzbot reported a slab-use-after-free with the following call trace: ========================================== BUG: KASAN: slab-use-after-free in nlaput+0xd3/0x150...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel before version 6.1.13, there is a double-free in the net/mpls/afmpls.c file when an allocation failure occurs due to registering the sysctl table under a new location during the renaming of a device...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: hugetlb, userfaultfd: fixed the issue of reservation restoration when an error occurs with userfaultfd. Currently, in the iscontinue case within hugetlbmcopyatomicpte, if we use “goto outreleaseunlock;“ in cases where idx =...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Nilfs2: Fixed a kernel bug related to the rename operation on broken directories. Syzbot reported that in the rename operation on broken directories in Nilfs2, the blockwritebeginint function called to prepare block writing may...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: shmem: fixed the issue with recovery when there are name change failures. Mapletree insertions may fail if we are severely short on memory; simpleoffsetrename does not handle such situations properly. The same applies to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to avoid a memory leak in f2fsrename. syzbot reported the following bug: BUG: Memory leak. Unreferenced object: 0xffff888127f70830 size 16: Command: “syz.0.23”, PID 6144, jiffies 4294943712 Hex dump first 16...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: udf: Avoid double calls to brelse in udfrename syzbot reported a warning like below 1: VFS: brelse: Trying to free a free buffer WARNING: CPU: 2 PID: 7301 at fs/buffer.c:1145 brelse+0x67/0xa0 … Call Trace:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Landlock: Fixed the handling of disconnected directories. Disconnected files or directories may appear when they are visible and opened from a bind mount, but have been renamed or moved from the source of the bind mount in a w...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Initializing quotas for ‘old.inode’ in ‘ext4rename’. Syzbot identified the following issues: - ext4parseparam: swantextraisize=128 - ext4inodeinfoinit: swantextraisize=32 - ext4rename: old.inode=ffff88823869a2c8;...
GHSA-245J-XJVR-XVM5 CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations
Summary The Fileeditor module enforces an extension allowlist 'css','js','html','txt','json','sql','md' on content-write operations saveFile, createFile, but two destructive endpoints — deleteFileOrFolder and renameFile — never validate the extension of the source path. A backend user with...
PT-2026-41769
Summary The Fileeditor module enforces an extension allowlist 'css','js','html','txt','json','sql','md' on content-write operations saveFile, createFile, but two destructive endpoints — deleteFileOrFolder and renameFile — never validate the extension of the source path. A backend user with...
CVE-2026-42590
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...
CVE-2026-40893
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...
EUVD-2026-30316
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...
CVE-2026-42590 Gotenberg: ExifTool group-prefix syntax bypasses dangerous-tag blocklist
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...
CVE-2026-42590
Gotenberg contains a vulnerability (CVE-2026-42590) where ExifTool group-prefix syntax can bypass the dangerous-tag blocklist in metadata handling, allowing arbitrary file rename, move, hardlinks, and symlinks on the server. The issue exists prior to version 8.30.0; the safeKeyPattern and prefix ...