Lucene search
K

57 matches found

CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

NanaZip 数字错误漏洞

NanaZip is a compression software open source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 contained a numerical error vulnerability. This vulnerability stemmed from the UFS/UFS2 file system image parser not verifying the value of the fsipg field in the superblock. When this...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/06 11:28 a.m.8 views

CVE-2026-43228

In the Linux kernel, the following vulnerability has been resolved: hfs: Replace BUGON with error handling for CNID count checks In a06ec283e125 nextid, foldercount, and filecount in the super block info were expanded to 64 bits, and BUGONs were added to detect overflow. This triggered an error...

5.5CVSS5.8AI score0.00112EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/04 2:36 p.m.4 views

CVE-2026-23234

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fswriteendio As syzbot reported an use-after-free issue in f2fswriteendio. It is caused by below race condition: loop device umount - workerthread - loopprocesswork - doreqfilebacked - lorwaio -...

7.8CVSS5.2AI score0.00119EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/02/25 11:44 p.m.3 views

CVE-2026-27711

NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a memory corruption vulnerability in NanaZip’s UFS parser allows a crafted .ufs/.ufs2/.img file to trigger out-of-bounds memory access during archive open/listing. The bug is...

6.6CVSS5.6AI score0.00142EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-3071

Malware in sbrugna...

2.1CVSS6.4AI score0.0038EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-0301

Malware in sbrugna...

7.1CVSS6.3AI score0.03769EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-6397

Malware in sbrugna...

6.6CVSS5.6AI score0.00336EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/09/18 8:45 a.m.1 views

grub2: fs/ufs: OOB write in the heap

A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...

6.7CVSS5.7AI score0.00234EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2025/09/04 7:5 a.m.4 views

Grub2: fs/ufs: oob write in the heap

...

6.7CVSS7AI score0.00234EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/09/04 6:13 a.m.3 views

Grub2: ufs: integer overflow may lead to heap based out-of-bounds write when handling symlinks

...

6.4CVSS7AI score0.00318EPSS
Exploits0
CNVD
CNVD
added 2025/08/20 12:0 a.m.2 views

GNU GRUB Buffer Overflow Vulnerability

GNU GRUB is a Linux system boot program from the GNU community. GNU GRUB suffers from a buffer overflow vulnerability, which originates in the UFS module, where the program does not properly manage memory allocation and release when processing data, and can be exploited by an attacker to obtain...

6.4CVSS7.3AI score0.00318EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/05/13 8:36 a.m.6 views

grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks

A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grubmalloc may be called with a smaller...

6.4CVSS6.3AI score0.00318EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/05/13 8:36 a.m.6 views

grub2: fs/ufs: OOB write in the heap

A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...

6.7CVSS5.7AI score0.00234EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2025/05/09 6:42 a.m.8 views

CVE-2025-37858

In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Prevent integer overflow in AG size calculation The JFS filesystem calculates allocation group AG size using 1 2TB aggregates on 32-bit systems, this 32-bit shift operation causes undefined behavior and improper AG sizing...

5.5CVSS6AI score0.00244EPSS
Exploits0
Debian CVE
Debian CVE
added 2025/04/16 2:11 p.m.6 views

CVE-2024-58094

In the Linux kernel, the following vulnerability has been resolved: jfs: add check read-only before truncation in jfstruncatenolock Added a check for "read-only" mode in the jfstruncatenolock function to avoid errors related to writing to a read-only filesystem. Call stack: blockwritebegin...

5.5CVSS5.5AI score0.00163EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2025/02/20 2:33 p.m.2 views

SUSE CVE-2024-45781

A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...

6.7CVSS6.7AI score0.00234EPSS
Exploits0References14
OSV
OSV
added 2025/02/19 7:15 p.m.1 views

DEBIAN-CVE-2025-0677

A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grubmalloc may be called with a smaller...

6.4CVSS7.7AI score0.00318EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/02/18 8:15 p.m.2 views

CVE-2024-45781

A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...

6.7CVSS6.6AI score0.00234EPSS
Exploits0References5
OSV
OSV
added 2025/02/18 8:15 p.m.8 views

AZL-56970 CVE-2024-45781 affecting package grub2 for versions less than 2.06-15

A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...

6.7CVSS5.7AI score0.00234EPSS
Exploits0References1
OSV
OSV
added 2025/02/18 8:15 p.m.2 views

DEBIAN-CVE-2024-45781

A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...

6.7CVSS6.3AI score0.00234EPSS
Exploits0References1
Rows per page
Query Builder