CVE-2026-46072

A flaw was found in the Linux kernel's ntfs3 module. A local attacker, by mounting a specially crafted NTFS New Technology File System image containing truncated run data, could trigger an out-of-bounds heap read. This vulnerability allows for the disclosure of sensitive information from kernel...

CVE-2026-44215 NanaZip: Heap out-of-bounds write in NanaZip UFS directory parser

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of th...

NanaZip 安全漏洞

NanaZip is a compression software open source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 contained security vulnerabilities. These vulnerabilities stemmed from the GetAllPaths function in the UFS/UFS2 file system image parser, which allowed recursive subdirectories without...

EulerOS 2.0 SP10 : libblockdev (EulerOS-SA-2025-2102)

According to the versions of the libblockdev packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...

AZL-64190 CVE-2025-6019 affecting package libblockdev 3.2.0-1

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

containerd allows host filesystem access on pull

Impact A time-of-check to time-of-use TOCTOU vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. Patches This bug has been fixed in the following containerd versions: 2.1.1 T...

USN-7381-1 linux-lowlatency-hwe-6.11 vulnerabilities

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service system crash or possibly execute arbitrary code...

UBUNTU-CVE-2023-52169

The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 for 7zz contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in...

CVE-2023-52169

The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 for 7zz contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in...

How to export a VPX instance on an SDX to an XVA file

This article will describe how to export an XVA file of a VPX from an SDX. This file contains the entire contents of the VPX including an image of the VPX's file systems...

CVE-2023-2898

There is a null-pointer-dereference flaw found in f2fswriteendio in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem...

SUSE CVE-2021-39261

A crafted NTFS image can cause a heap-based buffer overflow in ntfscompressedpwrite in NTFS-3G 2021.8.22...

CVE-2022-30786

A crafted NTFS image can cause a heap-based buffer overflow in ntfsnamesfullcollate in NTFS-3G through 2021.8.22...

UBUNTU-CVE-2021-39253

A crafted NTFS image can cause an out-of-bounds read in ntfsrunlistsmergei in NTFS-3G 2021.8.22...

kernel: NULL pointer dereference in xfs_da_shrink_inode function

An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfsattrleaf.c in the Linux kernel. A NULL pointer dereference may occur for a corrupted xfs image after xfsdashrinkinode is called with a NULL bp. This can lead to a system crash and a denial of service...

The vulnerability of the ext4_xattr_set_entry() function in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the ext4xattrsetentry function in the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure during the renaming of a file in a specially created ext4 file system image...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3018-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3018-1 advisory. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility...

Ubuntu 14.04 LTS : Linux kernel (Wily HWE) vulnerabilities (USN-3017-3)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3017-3 advisory. USN-3017-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement H...

Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) vulnerabilities (USN-3020-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3020-1 advisory. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility...

USN-3016-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities

Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPTSOSETREPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service system crash or execute...