CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

817 matches found

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Squashfs: check the return result of sbminblocksize Syzkaller reports a bug named “UBSAN: out-of-bounds access in squashfsbioread”. Syzkaller forks multiple processes. After mounting the Squashfs filesystem, it issues an...

7.8CVSS6.3AI score0.00169EPSS

Exploits0References2

AstraLinux•added 6 days ago•3 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Squashfs: fixed the handling and sanity checking of the xattrids count A Sysbot 1 that corrupted the filesystem exposed two flaws in the handling and sanity checking of the xattrids count in the filesystem. Both of these flaws...

5.5CVSS6.4AI score0.00235EPSS

Exploits0References2

AstraLinux•added 6 days ago•6 views

Astra Linux – Vulnerability in squashfs-tools

The squashfsopendir function in unsquash-2.c within Squashfs-Tools 4.5 enables Directory Traversal, another vulnerability distinct from CVE-2021-40153. A squashfs filesystem that includes a symbolic link, along with files under the same filename, can cause unsquashfs to first create the symbolic...

8.1CVSS6.7AI score0.02136EPSS

Exploits1References2

AstraLinux•added 6 days ago•4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Squashfs: sanity check for symbolic link sizes Syzkiller reports a bug named “KMSAN: uninit-value in picklink”. This issue is caused by an uninitialized page, which ultimately results from reading a corrupted symbolic link siz...

7.8CVSS6.5AI score0.00299EPSS

Exploits0References2

AstraLinux•added 6 days ago•4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Squashfs: Check that the inode number is not the invalid value of zero. Syskiller has identified an out-of-bounds access in the fillmetaindex function. This out-of-bounds access occurs because the inode has an inode number of...

7.1CVSS6.4AI score0.0028EPSS

Exploits0References2

AstraLinux•added 6 days ago•5 views

Astra Linux – Vulnerability in squashfs-tools

In Squashfs-Tools 4.5, the squashfsopendir variable in unsquash-1.c stores the filename within the directory entry. This filename is then used by unsquashfs to create the new file during the unsquash process. The filename is not validated for traversal outside of the destination directory, allowi...

8.1CVSS6.4AI score0.025EPSS

Exploits1References2

Tenable Nessus•added 2026/06/18 12:0 a.m.•5 views

Siemens RuggedCom Rox Integer Overflow or Wraparound (CVE-2024-57258)

Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdifft is mishandled on x8664. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

7.8CVSS7.2AI score0.00233EPSS

Exploits0References3

Tenable Nessus•added 2026/06/10 12:0 a.m.•8 views

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-2293)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : iommu/sva: invalidate stale IOTLB entries for kernel address spaceCVE-2025-71202 iommu: disable SVA when CONFIGX86 is setCVE-2025-71089 tls: Fix...

9.8CVSS6.7AI score0.96775EPSS

Exploits230References84

Tenable Nessus•added 2026/06/10 12:0 a.m.•9 views

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-2336)

9.8CVSS6.7AI score0.96775EPSS

Exploits230References84

SUSE CVE•added 2026/06/09 2:20 a.m.•9 views

SUSE CVE-2026-48104

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely populated index array. In the SquashFS handler, blockToNode is allocated with capacity for every metadata block but populated...

4.2CVSS5.5AI score0.00179EPSS

Exploits1References3

Tenable Nessus•added 2026/06/09 12:0 a.m.•8 views

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2026-2247)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : crypto: algifaead - Revert to operating out-of-placeCVE-2026-31431 nfsd: fix RELEASELOCKOWNERCVE-2024-26629 bonding: limit BONDMODE8023AD to...

9.8CVSS7AI score0.96775EPSS

Exploits230References88

Tenable Nessus•added 2026/06/09 12:0 a.m.•8 views

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2026-2209)

9.8CVSS7AI score0.96775EPSS

Exploits230References88

RedhatCVE•added 2026/06/08 1:35 p.m.•9 views

CVE-2026-48104

4.2CVSS5.5AI score0.00179EPSS

Exploits1References2

NVD•added 2026/06/05 5:16 p.m.•11 views

CVE-2026-48104

4.2CVSS0.00179EPSS

Exploits1References1

Snyk•added 2026/06/05 5:13 p.m.•7 views

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the SquashFS archive handler due to uninitialized memory in the blockToNode array. An attacker can cause denial of service or potentially disclose heap information by providing a crafted SquashFS image...

4.2CVSS5.5AI score0.00179EPSS

Exploits1References3

Snyk•added 2026/06/05 4:46 p.m.•6 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the SquashFS ReadBlock function. An attacker can cause disclosure of heap memory contents by providing a specially crafted SquashFS archive with a manipulated node.Offset value, which bypasses fragment bounds check...

8.1CVSS5.4AI score0.00324EPSS

Exploits1References3