Lucene search
K

57 matches found

Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.3 views

CVE-2026-53244

In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to unlock in nfsd4createfile atomiccreate in fs/namei.c drops the reference to the dentry when it returns an error. This behaviour was imported into dentrycreate so that it will drop the reference if an...

7.5CVSS5.7AI score0.00359EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.12 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2. When reading the name of a symbolic link from a UFS filesystem, grub2 fails to validate the string length provided as input. This lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and potentially allowing an attacker to...

6.7CVSS6.6AI score0.00234EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.9 views

CVE-2026-42443

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fsipg inodes per cylinder group is set to...

5.5CVSS5.5AI score0.00111EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/27 12:15 p.m.13 views

CVE-2026-45858

In the Linux kernel, the following vulnerability has been resolved: ext4: don't zero the entire extent if EXT4EXTDATAPARTIALVALID1 When allocating initialized blocks from a large unwritten extent, or when splitting an unwritten extent during end I/O and converting it to initialized, there is...

5.5CVSS5.7AI score0.00155EPSS
Exploits0
NVD
NVD
added 2026/05/12 8:16 p.m.11 views

CVE-2026-44215

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of th...

7.1CVSS0.00217EPSS
Exploits1References1
NVD
NVD
added 2026/05/12 8:16 p.m.13 views

CVE-2026-42442

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...

5.5CVSS0.00111EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 8:16 p.m.9 views

CVE-2026-42443

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fsipg inodes per cylinder group is set to...

5.5CVSS0.00111EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:23 p.m.8 views

CVE-2026-44215

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of th...

4.4CVSS5.8AI score0.00217EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/05/12 7:22 p.m.10 views

EUVD-2026-29790

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 7:22 p.m.8 views

CVE-2026-42445 NanaZip: Uncontrolled recursion in NanaZip UFS directory traversal causes stack exhaustion

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 7:21 p.m.10 views

CVE-2026-42443 NanaZip: Integer divide-by-zero in NanaZip UFS inode offset calculation

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fsipg inodes per cylinder group is set to...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:21 p.m.8 views

CVE-2026-42443

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fsipg inodes per cylinder group is set to...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/12 7:21 p.m.23 views

CVE-2026-42443

NanaZip (open source archiver) contains a local-denial bug in its UFS/UFS2 filesystem image parser. From versions 5.0.1252.0 up to before 6.0.1698.0, an integer divide-by-zero occurs when opening a crafted UFS image where the superblock field fs_ipg (inodes per cylinder group) is zero. The parser...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/12 7:21 p.m.10 views

EUVD-2026-29787

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...

3.3CVSS5.9AI score0.00111EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 7:21 p.m.9 views

CVE-2026-42442 NanaZip: Null-pointer dereference in NanaZip UFS parser when root inode is a symlink

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...

3.3CVSS5.9AI score0.00111EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

NanaZip 代码问题漏洞

NanaZip is a compression software open source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 had code-related vulnerabilities. These vulnerabilities stemmed from the UFS/UFS2 file system image parser, which unconditionally treated the root inode as a directory without checking...

5.5CVSS5.9AI score0.00111EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-40357

Name of the Vulnerable Software and Affected Versions NanaZip versions 5.0.1252.0 through 6.0.1697.0 Description An integer divide-by-zero issue exists in the UFS/UFS2 filesystem image parser. This occurs when opening a specially crafted UFS image where the superblock field fs ipg inodes per...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

NanaZip 缓冲区错误漏洞

NanaZip is a compression software open-source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 contained a buffer error vulnerability. This vulnerability stemmed from a single-byte heap out-of-bounds write in the UFS/UFS2 file system image parser, which could lead to the...

7.1CVSS6AI score0.00217EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40356

Name of the Vulnerable Software and Affected Versions NanaZip versions 5.0.1252.0 through 6.0.1697.0 Description A null-pointer dereference exists in the UFS/UFS2 filesystem image parser. This occurs when opening a specially crafted UFS image where the root inode inode 2 is set to IFLNK symlink...

5.5CVSS5.9AI score0.00111EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

NanaZip 数字错误漏洞

NanaZip is a compression software open source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 contained a numerical error vulnerability. This vulnerability stemmed from the UFS/UFS2 file system image parser not verifying the value of the fsipg field in the superblock. When this...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References1
Rows per page
Query Builder