CVE-2023-36398

Windows NTFS Information Disclosure Vulnerability...

Microsoft Windows NTFS Security Vulnerability

Microsoft Windows NTFS is a file system from Microsoft USA that serves computer files. The file system has error warning, disk self-repair, and logging capabilities. A security vulnerability exists in Microsoft Windows NTFS. An attacker exploiting this vulnerability could gain access to sensitive...

Grub2: out-of-bounds read at fs/ntfs.c

...

DEBIAN-CVE-2023-4693

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to...

AZL-34795 CVE-2023-4692 affecting package grub2 for versions less than 2.06-18

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a...

The vulnerability of the Windows operating system’s file system, which allows a hacker to increase their privileges

The vulnerability of the Windows file system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to enhance their privileges...

USN-6339-3 linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-raspi vulnerabilities

It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate MFT flags in certain situations. An attacker could use this to construct a malicious NTFS image that, when mounted and operated on, could cause a denial of service system crash. CVE-2022-48425...

SUSE CVE-2022-0337

Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. Chrome security severity: High...

vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route

A flaw was found in Vert.X Web. When running the application that serves files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard , an attacker can exfiltrate any class path resource...

The vulnerability of the NTFS file system of the Windows operating system, which allows a perpetrator to increase their privileges

The vulnerability of the NTFS file system in Windows operating systems is related to the insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...

CVE-2023-29346

NTFS Elevation of Privilege Vulnerability...

PT-2023-3133 · Microsoft · Windows Ntfs +1

Name of the Vulnerable Software and Affected Versions: Windows NTFS affected versions not specified Description: The issue is related to an elevation-of-privilege vulnerability in the Windows NTFS file system, which is caused by insecure privilege management. This vulnerability can be exploited b...

The vulnerability of the Network File System (NFS) of the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the Windows Network File System NFS exists due to insufficient checks on input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

SUSE CVE-2008-1891

Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing 1 + plus, 2 %2b encode...

SUSE CVE-2018-11233

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory...

SUSE CVE-2021-39262

A crafted NTFS image can cause an out-of-bounds access in ntfsdecompress in NTFS-3G 2021.8.22...

CVE-2022-38025

Windows Distributed File System DFS Information Disclosure Vulnerability...

PT-2022-33768 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.63 Description: A potential security issue has been identified in the Linux Kernel, related to the fs/ntfs3 component. The actual impact and attack plausibility have not yet been proven. Recommendations: F...

tomcat: Information disclosure when using NTFS file system

A flaw was found in Apache Tomcat. When serving resources from a network location using the NTFS file system, it was possible to bypass security constraints and view the source code for JSPs in some configurations. The root cause was the unexpected behavior of the JRE API File.getCanonicalPath,...

The vulnerability of the ntfs_mft_rec_alloc function in the NTFS file system, which allows a hacker to execute arbitrary code with elevated privileges through the FUSE NTFS-3G module.

The vulnerability of the ntfsmftrecalloc function in the NTFS file system relates to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code with elevated privileges using a specially created NTFS image file...