1709 matches found
EulerOS Virtualization 2.13.1 : kernel (EulerOS-SA-2026-2132)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrlCVE-2025-40261 cifs: fix session state check in reconnect to avoid...
EulerOS Virtualization 2.13.0 : kernel (EulerOS-SA-2026-2171)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrlCVE-2025-40261 cifs: fix session state check in reconnect to avoid...
CVE-2026-45252
When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel...
OESA-2026-2557 kata-containers security update
This is core component of Kata Container, to make it work, you need a isulad/docker engine. Security Fixes: 'This vulnerability was fixed in Kata Containers 3.31.0:', 'Description:\n\nIn the runtime-rs standalone virtio-fs path, Kata Containers runs virtiofsd\nas root with --sandbox none --seccom...
Linux Distros Unpatched Vulnerability : CVE-2026-48711
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - sshfs-fuse - None Ubuntu Linux - Unknown description CVE-2026-48711 Note that Nessus relies on the presence of the package as reported by the...
Linux Distros Unpatched Vulnerability : CVE-2026-47187
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - sshfs-fuse - None Ubuntu Linux - Unknown description CVE-2026-47187 Note that Nessus relies on the presence of the package as reported by the...
Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs
Summary In the runtime-rs standalone virtio-fs path, verified here with QEMU and verified with Cloud Hypervisor too, Kata Containers runs host virtiofsd as root with: --sandbox none --seccomp none If an attacker has root-equivalent execution inside the Kata guest VM, they can send raw FUSE reques...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: newrelic-infrastructure-agent, rancher-helm, skaffold, k8ssandra-client, linkerd2, headlamp, docker-cli-buildx, teleport, gogatekeeper, datadog-agent, fuse-overlayfs-snapshotter, syft, trivy, trivy-operator, dagger, kubescape-operator, osv-scanner, wolfictl, zarf,...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: cloudbeat, linkerd2-fips, envoy-gateway, spegel, headlamp, datadog-agent, containerd, neuvector-scanner-fips, helm-set-status, xeol-fips, livekit-cli, opa-envoy, neuvector-fips, trivy, k3s, envoy-gateway-fips, kube-mgmt-fips, chartmuseum, tigera-operator-fips,...
CVE-2026-45252 Heap overflow in FUSE_LISTXATTR
When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel...
CVE-2026-45252 Heap overflow in FUSE_LISTXATTR
When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel...
EUVD-2026-31254
When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel...
CVE-2026-45252
CVE-2026-45252 : In fusefs, when extended attributes are queried via FUSE_LISTXATTR, the kernel may call strlen() on a daemon-provided buffer without ensuring the list is fully NUL-terminated. If the list is not NUL-terminated, the fusefs kernel module may read past the end of a heap buffer and p...
PT-2026-42401
Name of the Vulnerable Software and Affected Versions FreeBSD affected versions not specified Description The ptracePT SC REMOTE function failed to properly validate parameters for the syscall2 and syscall2 meta-system calls. This allows a user with debugging capabilities to trigger arbitrary cod...
FreeBSD : FreeBSD -- Heap overflow in FUSE_LISTXATTR (3cc34467-54b6-11f1-8d7a-bc241121aa0a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3cc34467-54b6-11f1-8d7a-bc241121aa0a advisory. When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Fuse: Abort on fatal signal during sync init When sync init is used and the server exits for some reason e.g., error, crash, the filesystem creation will hang during the processing of FUSEINIT. The reason for this issue is that...
Astra Linux – Vulnerability in ntfs-3g
An invalid return code in fusekernmount allows for the interception of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite...
Astra Linux – Vulnerability in glusterfs
In Gluster GlusterFS 11.0, there is a stack-based buffer over-read issue in xlators/mount/fuse/src/fuse-bridge.c...
FreeBSD -- Heap overflow in FUSE_LISTXATTR
Problem Description: When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings...
FreeBSD Security Advisory - FreeBSD-SA-26:20.fusefs
FreeBSD Security Advisory - When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated...