
223 matches found

CVE
added 2025/03/03 5:5 p.m. · 116 views

CVE-2025-0678

The CVE-2025-0678 entry describes a grub2 squash4 filesystem flaw where integer overflow in buffer size calculations leads to grub_malloc() under-allocating and a heap-based out-of-bounds write during direct_read(), potentially allowing arbitrary code execution and bypass of secure boot. Connecte...

7.8 CVSS · 6.8 AI score · 0.00269 EPSS
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2025/03/03 5:5 p.m. · 11 views

CVE-2024-45782 Grub2: fs/hfs: strcpy() using the volume name (fs/hfs.c:382)

A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount, the HFS filesystem driver performs a strcpy using the user-provided volume name as input without properly validating the volume name's length. This issue may lead to a heap-based out-of-bounds write,...

7.8 CVSS · 6.3 AI score · 0.00196 EPSS
Exploits 0 · References 2
NVD
added 2025/02/26 7:1 a.m. · 12 views

CVE-2022-49349

In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_rename_dir_prepare. We got issue as follows: EXT4-fs loop0: mounted filesystem without journal. Opts: ,errors=continue ext4_get_first_dir_block: bh->b_data=0xffff88810bee6000 len=34478 ext4_get_first_dir_block:...

7.8 CVSS · 0.00288 EPSS
Exploits 0 · References 9
BDU FSTEC
added 2025/02/26 12:0 a.m. · 4 views

The vulnerability of the ext4_mb_find_good_group_avg_frag_lists() function in the ext4 file system of the Linux operating system allows an attacker to cause a service failure.

The vulnerability of the ext4_mb_find_good_group_avg_frag_lists function in the ext4 file system of the Linux operating system is related to read errors beyond the memory boundary. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5 CVSS · 5.9 AI score · 0.00239 EPSS
Exploits 0 · References 10 · Affected Software 4
Cvelist
added 2025/02/18 7:26 p.m. · 17 views

CVE-2024-45783 Grub2: fs/hfs+: refcount can be decremented twice

A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access...

4.4 CVSS · 0.00211 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/02/05 2:59 p.m. · 7 views

CVE-2020-15230

Vapor is a web framework for Swift. In Vapor before version 4.29.4, attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4...

8.5 CVSS · 6.8 AI score · 0.0153 EPSS
Exploits 0
Veracode
added 2025/02/05 8:28 a.m. · 8 views

Directory Traversal

org.gaul:s3proxy is vulnerable to Directory Traversal. The vulnerability is due to improper access control due to the filesystem and filesystem-nio2 storage backends potentially exposing local files to users unintentionally...

6 CVSS · 6.6 AI score · 0.00528 EPSS
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2025/01/11 12:0 a.m. · 5 views

PT-2025-3135 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A vulnerability in the Linux kernel has been resolved, related to the XFS filesystem. The issue occurs when a link call tries to set up a transaction to link a child into a directory,...

8.1 CVSS · 7.8 AI score · 0.00737 EPSS
Exploits 3 · References 847
RedhatCVE
added 2024/11/21 7:0 p.m. · 8 views

CVE-2024-50191

In the Linux kernel, the following vulnerability has been resolved: ext4: don't set SB_RDONLY after filesystem errors. When the filesystem is mounted with errors=remount-ro, we were setting SB_RDONLY flag to stop all filesystem modifications. We knew this misses proper locking (sb->s_umount) and does no...

5.5 CVSS · 6.9 AI score · 0.00204 EPSS
Exploits 0 · References 4
Cvelist
added 2024/11/12 6:53 p.m. · 40 views

CVE-2024-32116

Multiple relative path traversal vulnerabilities CWE-23 in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the...

5.1 CVSS · 0.00238 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2024/11/06 12:0 a.m. · 4 views

The vulnerability of the nilfs_btree_check_delete() function in the file system of the nilfs2 driver in the Linux operating system allows an attacker to compromise the confidentiality and accessibility of the protected information.

The vulnerability of the nilfs_btree_check_delete function in the fs/nilfs2/btree.c file of the Linux operating system's kernel involves accessing memory beyond the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and accessibility of the...

7.1 CVSS · 7.2 AI score · 0.00239 EPSS
Exploits 0 · References 30 · Affected Software 6
CNNVD
added 2024/10/21 12:0 a.m. · 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper access to dentry.d_name.name in the file system subsystem, which could cause the kernel to crash...

4.6 CVSS · 6.6 AI score · 0.00388 EPSS
Exploits 0 · References 5
Vulnrichment
added 2024/08/16 8:15 p.m. · 11 views

CVE-2024-43395 CraftOS-PC 2's improperly sanitized paths cause filesystem escape (Windows)

CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Prior to version 2.8.3, users of CraftOS-PC 2 on Windows can escape the computer folder and access files anywhere without...

8.2 CVSS · 8.3 AI score · 0.00378 EPSS
Exploits 0 · References 2
NVD
added 2024/08/12 3:15 p.m. · 33 views

CVE-2024-38530

The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead to unrestricted RC...

9.8 CVSS · 0.00776 EPSS
Exploits 1 · References 2
Vulnrichment
added 2024/07/30 7:46 a.m. · 15 views

CVE-2024-42149 fs: don't misleadingly warn during thaw operations

In the Linux kernel, the following vulnerability has been resolved: fs: don't misleadingly warn during thaw operations The block device may have been frozen before it was claimed by a filesystem. Concurrently another process might try to mount that frozen block device and has temporarily claimed...

6.8 AI score · 0.00183 EPSS
Exploits 0 · References 2
CNNVD
added 2024/07/30 12:0 a.m. · 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates in the fs module during an unfreeze operation, which may misleadingly issue a warning if a block device has been...

5.5 CVSS · 6.5 AI score · 0.00183 EPSS
Exploits 0 · References 3
OSV
added 2024/07/16 11:15 p.m. · 3 views

CVE-2024-21151

Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successfu...

3.3 CVSS · 7.2 AI score · 0.00197 EPSS
Exploits 0 · References 1
OSV
added 2024/02/20 2:15 a.m. · 5 views

CVE-2024-21891

Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experiment...

8.8 CVSS · 9.1 AI score
Exploits 0 · References 3
vulnersOsv
added 2024/01/25 12:0 p.m. · 5 views

bump (=0.0.0), resufancy (>=0.1.0 <=0.1.1) potentially affected by unknown CVE via filesystem (=0.4.4)

filesystem CARGO version =0.4.4 is affected by a known vulnerability. The following packages have a transitive dependency on filesystem and may be impacted: - bump =0.0.0 - resufancy =0.1.0, =0.1.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0015...

5.8 AI score
Exploits 0
Prion
added 2024/01/22 6:15 p.m. · 12 views

Directory traversal

Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user...

4.4 CVSS · 7.2 AI score · 0.00326 EPSS
Exploits 0 · References 1 · Affected Software 1