Lucene search
K

5181 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.5 views

Siemens RuggedCom Rox Integer Overflow or Wraparound (CVE-2024-57256)

An integer overflow in ext4fsreadsymlink in Das U-Boot before 2025.01-rc1 occurs for zalloc adding one to an le32 variable via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite. This plugin only works with Tenable.ot. Please...

7.1CVSS7.2AI score0.00365EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.4 views

Siemens RuggedCom Rox Out-of-bounds Write (CVE-2019-13106)

Das U-Boot versions 2016.09 through 2019.07-rc4 can memset too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

8.3CVSS7AI score0.0175EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.6 views

Siemens RuggedCom Rox Integer Underflow (Wrap or Wraparound) (CVE-2019-13104)

In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy to overwrite a very large amount of data including the whole stack while reading a crafted ext4 filesystem. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mo...

7.8CVSS6.7AI score0.01108EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.9 views

Ubuntu 20.04 LTS : Linux kernel (AWS FIPS) vulnerabilities (USN-7795-3)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7795-3 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

7.8CVSS7AI score0.00288EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.7 views

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7795-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7795-2 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

7.8CVSS7.9AI score0.00288EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.18 views

EulerOS Virtualization 2.13.0 : kernel (EulerOS-SA-2026-2171)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrlCVE-2025-40261 cifs: fix session state check in reconnect to avoid...

7.8CVSS8.2AI score0.0071EPSS
Exploits7References506
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.32 views

EulerOS Virtualization 2.13.1 : kernel (EulerOS-SA-2026-2132)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrlCVE-2025-40261 cifs: fix session state check in reconnect to avoid...

7.8CVSS7AI score0.0071EPSS
Exploits7References506
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-70100

A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...

5.5CVSS5.5AI score0.00155EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-70101

An out-of-bounds read in the ext4extbinsearchidx function in src/ext4extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...

6.5CVSS5.5AI score0.0028EPSS
Exploits1References1
NVD
NVD
added 2026/06/03 2:16 p.m.13 views

CVE-2025-70100

A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...

5.5CVSS0.00155EPSS
Exploits1References4
NVD
NVD
added 2026/06/03 2:16 p.m.13 views

CVE-2025-70101

An out-of-bounds read in the ext4extbinsearchidx function in src/ext4extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...

6.5CVSS0.0028EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/06/03 12:0 a.m.6 views

CVE-2025-70101

An out-of-bounds read in the ext4extbinsearchidx function in src/ext4extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...

5.8AI score0.0028EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.11 views

PT-2026-45934

Name of the Vulnerable Software and Affected Versions lwext4 version 1.0.0 Description A divide-by-zero issue exists in the ext4 block set lb size function within the src/ext4 blockdev.c file. This occurs when a malformed ext4 filesystem image with a zero logical block size is provided, leading t...

5.5CVSS5.4AI score0.00155EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/06/03 12:0 a.m.42 views

CVE-2025-70101

An out-of-bounds read in the ext4extbinsearchidx function in src/ext4extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...

0.0028EPSS
Exploits1References3
CVE
CVE
added 2026/06/03 12:0 a.m.16 views

CVE-2025-70100

CVE-2025-70100 affects lwext4 1.0.0. A divide-by-zero in ext4_block_set_lb_size (src/ext4_blockdev.c) can cause denial of service when processing a malformed ext4 image, triggering a Floating-Point Exception or crash due to missing lb_size validation during mount/image handling. Connected sources...

5.5CVSS5.8AI score0.00155EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:0 a.m.5 views

CVE-2025-70100

A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...

5.8AI score0.00155EPSS
Exploits1References4
CVE
CVE
added 2026/06/03 12:0 a.m.15 views

CVE-2025-70101

lwext4 1.0.0 exposes an out-of-bounds read in ext4_ext_binsearch_idx (src/ext4_extent.c) that can trigger denial of service when processing a crafted ext4 image. The vulnerability stems from insufficient validation of extent header fields prior to performing a binary search over extent index entr...

6.5CVSS5.8AI score0.0028EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/06/03 12:0 a.m.40 views

CVE-2025-70100

A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...

0.00155EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.8 views

lwext4 安全漏洞

lwext4 is an embedded library developed by Grzegorz Kostka for microcontrollers, which provides ext2/3/4 file systems. Version 1.0.0 of lwext4 contains a security vulnerability. This vulnerability stems from the lack of validation for lbsize in the ext4blocksetlbsize function, resulting in a zero...

5.5CVSS5.3AI score0.00155EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/03 12:0 a.m.17 views

EUVD-2025-210054

A divide-by-zero vulnerability in the ext4blocksetlbsize function in src/ext4blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount o...

5.5CVSS5.8AI score0.00155EPSS
Exploits1References3
Rows per page
Query Builder