20 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 2 views

Astra Linux - vulnerability in nbd

In nbd-server in nbd before 3.24, there is an integer overflow that leads to a heap-based buffer overflow. A value of 0xffffffff in the name length field causes a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue occurs for the NBD_OPT_INFO,...

CVSS 9.8 · AI score 7.6 · EPSS 0.00185
Exploits 1 · References 1
Tenable Nessus
added 2026/03/06 12:0 a.m. · 0 views

NewStart CGSL MAIN 6.06 (SP) : nbd Multiple Vulnerabilities (NS-SA-2026-0012)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has nbd packages installed that are affected by multiple vulnerabilities: - In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a...

CVSS 9.8 · AI score 6.3 · EPSS 0.00422
Exploits 3 · References 5
OSV
added 2026/03/04 9:46 a.m. · 3 views

CLSA-2026-1772617597 nodejs: Fix of 2 CVEs

CVE-2025-22150: fix issue where undici used Math.random to choose boundary for multipart/form-data request, now uses secure random number generator - CVE-2023-39333: fix maliciously crafted export names injection of JavaScript code - Run full Node.js tests in %check - Fix comment typo in spec...

CVSS 6.8 · AI score 5.8 · EPSS 0.00605
Exploits 0 · References 1
OSV
added 2024/02/27 2:15 p.m. · 12 views

CVE-2024-0551

Enable exports of the database and associated exported information of the system via the default user role. The attacker would have to have been granted access to the system prior to the attack. It is worth noting that the deterministic nature of the export name is lower risk as the UI for...

CVSS 7.1 · AI score 7
Exploits 0 · References 2
Positive Technologies
added 2024/02/27 12:0 a.m. · 1 views

PT-2024-15651 · Git +2 · Anything-Llm +1

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue allows exports of the database and associated exported information of the system via the default user role. An attacker would need to have been granted access to the system prior...

CVSS 7.1 · AI score 6.9 · EPSS 0.00639
Exploits 1 · References 6
SUSE CVE
added 2023/02/15 4:38 a.m. · 1 views

SUSE CVE-2017-15118

A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requir...

CVSS 9.8 · AI score 7.3 · EPSS 0.01606
Exploits 3 · References 3
SUSE CVE
added 2023/02/15 3:27 a.m. · 1 views

SUSE CVE-2022-26495

In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO,...

CVSS 8.1 · AI score 7.4 · EPSS 0.00185
Exploits 1 · References 4
ATTACKERKB
added 2022/03/06 6:15 a.m. · 1 views

CVE-2022-26495

In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO,...

CVSS 9.8 · AI score 7.5 · EPSS 0.00185
Exploits 1 · References 12
OSV
added 2022/03/06 6:15 a.m. · 1 views

DEBIAN-CVE-2022-26495

In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO,...

CVSS 9.8 · AI score 8.8 · EPSS 0.00185
Exploits 1 · References 1
OSV
added 2022/03/06 6:15 a.m. · 0 views

UBUNTU-CVE-2022-26495

In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO,...

CVSS 9.8 · AI score 7.7 · EPSS 0.00185
Exploits 1 · References 5
OSV
added 2021/11/08 6:15 p.m. · 0 views

CVE-2021-24708

The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.8 · AI score 5.8 · EPSS 0.00206
Exploits 2 · References 1
OSV
added 2020/03/16 10:15 p.m. · 2 views

CVE-2020-9347

Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation to be provided by an external...

CVSS 9.8 · AI score 7.3
Exploits 0 · References 1
OSV
added 2018/07/27 9:29 p.m. · 1 views

DEBIAN-CVE-2017-15118

A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requir...

CVSS 9.8 · AI score 7.4 · EPSS 0.01606
Exploits 3 · References 1
Debian CVE
added 2018/07/27 9:0 p.m. · 21 views

CVE-2017-15118

A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requir...

CVSS 9.8 · AI score 7.6 · EPSS 0.01606
Exploits 3
RedHat Linux
added 2018/04/11 5:52 p.m. · 0 views

Qemu: stack buffer overflow in NBD server triggered via long export name

A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires...

CVSS 9.8 · AI score 7.6 · EPSS 0.01606
Exploits 3 · References 4
RedHat Linux
added 2018/04/10 6:54 p.m. · 0 views

Qemu: stack buffer overflow in NBD server triggered via long export name

A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires...

CVSS 9.8 · AI score 7.6 · EPSS 0.01606
Exploits 3 · References 4
OSV
added 2015/05/29 3:59 p.m. · 0 views

DEBIAN-CVE-2013-7441

The modern style negotiation in Network Block Device nbd-server 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export...

CVSS 7.8 · AI score 6.4 · EPSS 0.03636
Exploits 0 · References 1
Debian CVE
added 2015/05/29 3:0 p.m. · 18 views

CVE-2013-7441

The modern style negotiation in Network Block Device nbd-server 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export...

CVSS 7.8 · AI score 6.2 · EPSS 0.03636
Exploits 0
Positive Technologies
added 2015/05/23 12:0 a.m. · 1 views

PT-2015-3589 · Nbd +2 · Nbd-Server +2

Name of the Vulnerable Software and Affected Versions: nbd-server versions 2.9.22 through 3.3 Description: The issue in nbd-server allows remote attackers to cause a denial of service by either closing the connection during negotiation or specifying a name for a non-existent export, which can lea...

CVSS 9.8 · AI score 6.8 · EPSS 0.03636
Exploits 3 · References 37
seebug.org
added 2008/07/09 12:0 a.m. · 20 views

OllyDBG v1.10 and ImpREC v1.7f (export name) BOF PoC

No description provided by source. OllyDBG v1.10 and ImpREC v1.7f export name buffer overflow vulnerability PoC; probably older versions affected too, not tested though. Included shellcode shows a messagebox WinXP...

AI score 7.1
Exploits 0