Lucene search
K

153 matches found

OSV
OSV
added 2025/08/14 4:15 p.m.2 views

DEBIAN-CVE-2025-54389

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

5.5CVSS7.6AI score0.0021EPSS
Exploits1References1
OSV
OSV
added 2025/08/14 2:0 p.m.2 views

UBUNTU-CVE-2025-54389

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

6.2CVSS7AI score0.0021EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.6 views

PT-2025-33306

Name of the Vulnerable Software and Affected Versions: AIDE versions prior to 0.19.2 Description: AIDE is susceptible to an improper output neutralization issue. An attacker can create a malicious filename containing terminal escape sequences to conceal file additions or removals from reports and...

6.2CVSS6.2AI score0.00216EPSS
Exploits2References44
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2022-50083

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: add EXT4INODEHASXATTRSPACE macro in xattr.h When adding an xattr to an inode, we must ensure that the inodesize is not less than EXT4GOODOLDINODESIZE +...

7.4AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2018-12233

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the eaget function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two...

7.8CVSS6.3AI score0.02342EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2024-40902

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of...

7.8CVSS7.3AI score0.00317EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2025/06/30 3:47 a.m.8 views

kernel: Squashfs: fix handling and sanity checking of xattr_ids count

In the Linux kernel, the following vulnerability has been resolved: Squashfs: fix handling and sanity checking of xattrids count A Sysbot 1 corrupted filesystem exposes two flaws in the handling and sanity checking of the xattrids count in the filesystem. Both of these flaws cause computation...

5.5CVSS6.4AI score0.00252EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/05/06 12:0 a.m.10 views

CBL Mariner 2.0 Security Update: kernel (CVE-2025-39735)

"The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-39735 advisory. - In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in eag...

7.1CVSS6.2AI score0.00215EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/04/18 11:18 p.m.3 views

SUSE CVE-2025-39735

In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in eaget During the "sizecheck" label in eaget, the code checks if the extended attribute list xattr size matches easize. If not, it logs "eaget: invalid extended attribute" and calls printhexdump...

7.8CVSS7.8AI score0.00215EPSS
Exploits0References19
OSV
OSV
added 2025/04/18 7:15 a.m.4 views

DEBIAN-CVE-2025-39735

In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in eaget During the "sizecheck" label in eaget, the code checks if the extended attribute list xattr size matches easize. If not, it logs "eaget: invalid extended attribute" and calls printhexdump...

7.1CVSS6AI score0.00215EPSS
Exploits0References1
OSV
OSV
added 2025/04/18 7:15 a.m.4 views

UBUNTU-CVE-2025-39735

In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in eaget During the "sizecheck" label in eaget, the code checks if the extended attribute list xattr size matches easize. If not, it logs "eaget: invalid extended attribute" and calls printhexdump...

7.1CVSS6.4AI score0.00215EPSS
Exploits0References50
CVE
CVE
added 2025/04/18 7:1 a.m.166 views

CVE-2025-39735

CVE-2025-39735 affects the Linux kernel's JFS: a slab-out-of-bounds read in ea_get() can occur when processing extended attributes. The root cause is an overflow during clamping of ea_size against EALIST_SIZE(ea_buf->xattr) due to int upper-bound handling, causing a negative size to be used in...

7.1CVSS6.6AI score0.00215EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2025/04/18 7:1 a.m.9 views

CVE-2025-39735 jfs: fix slab-out-of-bounds read in ea_get()

In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in eaget During the "sizecheck" label in eaget, the code checks if the extended attribute list xattr size matches easize. If not, it logs "eaget: invalid extended attribute" and calls printhexdump...

7.1CVSS6.7AI score0.00215EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2024/11/14 12:9 p.m.14 views

CVE-2023-4458 Kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability

A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on...

4CVSS5.9AI score0.00833EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2024/11/12 8:0 a.m.4 views

jfs: Fix uninit-value access of new_ea in ea_buffer

...

7.1CVSS7.2AI score0.00279EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/10/30 1:41 a.m.8 views

kernel: ext4: do not create EA inode under buffer lock

A vulnerability was found in the Linux kernel's ext4 filesystem, where the system could create EA inodes while holding a buffer lock, this approach can lead to deadlocks, especially if the filesystem is corrupted...

5.5CVSS7.4AI score0.00221EPSS
Exploits0References5
OSV
OSV
added 2024/10/21 6:15 p.m.3 views

UBUNTU-CVE-2024-49900

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of newea in eabuffer syzbot reports that lzo1x1docompress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x1docompress+0x19f9/0x2510...

7.1CVSS6.5AI score0.00279EPSS
Exploits0References43
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ocfs2 file system not reserving enough space for an inline xattr before attaching a reflink tree...

5.5CVSS6.7AI score0.00257EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2024/09/24 2:39 a.m.4 views

kernel: ext4: do not create EA inode under buffer lock

A vulnerability was found in the Linux kernel's ext4 filesystem, where the system could create EA inodes while holding a buffer lock, this approach can lead to deadlocks, especially if the filesystem is corrupted...

5.5CVSS7.4AI score0.00221EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/09/24 12:40 a.m.5 views

kernel: ext4: do not create EA inode under buffer lock

A vulnerability was found in the Linux kernel's ext4 filesystem, where the system could create EA inodes while holding a buffer lock, this approach can lead to deadlocks, especially if the filesystem is corrupted...

5.5CVSS7.4AI score0.00221EPSS
Exploits0References5
Rows per page
Query Builder