fs/ntfs3: Initialize allocated memory before use

...

EUVD-2006-4135

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2023-26544

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel 6.0.8, there is a use-after-free in rununpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size...

CLSA-2025-1742374400 grub2: Fix of 2 CVEs

Sign by Cloudlinux - CVE-2023-4692: ntfs: checks to ensure that NTFS drive's sector numbers are never written beyond the boundary - CVE-2023-4693: ntfs: fix an out-of-bounds read flaw on NTFS filesystem driver...

Linux Distros Unpatched Vulnerability : CVE-2024-45783

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL...

Tuxera NTFS-3G Security Vulnerability

Tuxera NTFS-3G is an open source, cross-platform set of drivers from the Finnish company Tuxera to support reading and writing NTFS partitions. A security vulnerability exists in NTFS-3G versions prior to 75dcdc2, which stems from the discovery of ntfsuppercasembs in libntfs-3g/unistr.c that...

RHEL 7 : grub2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling CVE-2021-3696 -...

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2024-1427)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Low: grub2

Issue Overview: No CVE associated with this advisory Affected Packages: grub2 Issue Correction: Run dnf update grub2 --releasever 2023.2.20231030 or dnf update --advisory ALAS2023-2023-408 --releasever 2023.2.20231030 to update your system. More information on how to update your system can be fou...

CVE-2023-4692

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a...

Design/Logic Flaw

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to...

PT-2022-6379 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel version 6.0.8 Description: The issue is related to a use-after-free vulnerability in the ntfs trim fs function of the fs/ntfs3/bitmap.c component in the Linux kernel. This vulnerability may allow an attacker to impact the...

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.

...

Tuxera NTFS-3G 缓冲区错误漏洞

NTFS-3G is a stable, full-featured, read/write NTFS driver for Linux, Android, Mac OS X, FreeBSD, NetBSD, OpenSolaris, QNX, Haiku and other operating systems. An out-of-bounds read vulnerability exists in ntfsielookup in versions prior to NTFS-3G 2021.8.22. An attacker can exploit this...

CVE-2018-12930

A flaw was found in ntfsendbufferasyncread in the ntfs.ko filesystem driver in the Linux kernel. This allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service or possibly have unspecified other impact via a crafted ntfs filesystem. Due to the nature of the flaw,...

CVE-2018-12929

ntfsreadlockedinode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service kernel oops or panic via a crafted ntfs filesystem...

Stack overflow

ntfsendbufferasyncread in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service kernel oops or panic or possibly have unspecified other impact via a crafted ntfs filesystem...

CVE-2018-12930

ntfsendbufferasyncread in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service kernel oops or panic or possibly have unspecified other impact via a crafted ntfs filesystem...

CVE-2018-12930

ntfsendbufferasyncread in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service kernel oops or panic or possibly have unspecified other impact via a crafted ntfs filesystem...

CVE-2018-12929

ntfsreadlockedinode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service kernel oops or panic via a crafted ntfs filesystem...