223 matches found
CVE-2025-0678
The CVE-2025-0678 entry describes a grub2 squash4 filesystem flaw where integer overflow in buffer size calculations leads to grub_malloc() under-allocating and a heap-based out-of-bounds write during direct_read(), potentially allowing arbitrary code execution and bypass of secure boot. Connecte...
CVE-2024-45782 Grub2: fs/hfs: strcpy() using the volume name (fs/hfs.c:382)
A flaw was found in the HFS filesystem. When reading an HFS volume's name at grubfsmount, the HFS filesystem driver performs a strcpy using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer,...
CVE-2022-49349
In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4renamedirprepare We got issue as follows: EXT4-fs loop0: mounted filesystem without journal. Opts: ,errors=continue ext4getfirstdirblock: bh-bdata=0xffff88810bee6000 len=34478 ext4getfirstdirblock:...
The vulnerability of the ext4_mb_find_good_group_avg_frag_lists() function in the ext4 file system of the Linux operating system allows a attacker to cause a service failure.
The vulnerability of the ext4mbfindgoodgroupavgfraglists function in the ext4 file system of the Linux operating system is related to read errors beyond the memory boundary. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2024-45783 Grub2: fs/hfs+: refcount can be decremented twice
A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access...
CVE-2020-15230
Vapor is a web framework for Swift. In Vapor before version 4.29.4, Attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4...
Directory Traversal
org.gaul:s3proxy is vulnerable to Directory Traversal. The vulnerability is due to improper access control due to the filesystem and filesystem-nio2 storage backends potentially exposing local files to users unintentionally...
PT-2025-3135 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the XFS filesystem. The issue occurs when a link call tries to set up a transaction to link a child into a directory,...
CVE-2024-50191
In the Linux kernel, the following vulnerability has been resolved: ext4: don't set SBRDONLY after filesystem errors When the filesystem is mounted with errors=remount-ro, we were setting SBRDONLY flag to stop all filesystem modifications. We knew this misses proper locking sb-sumount and does no...
CVE-2024-32116
Multiple relative path traversal vulnerabilities CWE-23 in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the...
The vulnerability of the nilfs_btree_check_delete() function in the file system of the nilfs2 driver in the Linux operating system allows a attacker to compromise the confidentiality and accessibility of the protected information.
The vulnerability of the nilfsbtreecheckdelete function in the fs/nilfs2/btree.c file of the Linux operating system’s kernel involves accessing memory beyond the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and accessibility of the...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper access to dentry.dname.name in the file system subsystem, which could cause the kernel to crash...
CVE-2024-43395 CraftOS-PC 2's improperly sanitizied paths cause filesystem escape (Windows)
CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Prior to version 2.8.3, users of CraftOS-PC 2 on Windows can escape the computer folder and access files anywhere without...
CVE-2024-38530
The Open eClass platform formerly known as GUnet eClass is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...
CVE-2024-42149 fs: don't misleadingly warn during thaw operations
In the Linux kernel, the following vulnerability has been resolved: fs: don't misleadingly warn during thaw operations The block device may have been frozen before it was claimed by a filesystem. Concurrently another process might try to mount that frozen block device and has temporarily claimed...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates in the fs module during an unfreeze operation, which may misleadingly issue a warning if a block device has been...
CVE-2024-21151
Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successfu...
CVE-2024-21891
Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experiment...
bump (=0.0.0), resufancy (>=0.1.0 <=0.1.1) potentially affected by unknown CVE via filesystem (=0.4.4)
filesystem CARGO version =0.4.4 is affected by a known vulnerability. The following packages have a transitive dependency on filesystem and may be impacted: - bump =0.0.0 - resufancy =0.1.0, =0.1.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0015...
Directory traversal
Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user...