248 matches found
EUVD-2026-43314
A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub2D568 of the component startjffs2. Performing a manipulation of the argument jffs2exec results in os command injection. Remote exploitation of the attack is possible. The exploit has be...
CVE-2026-15546
A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub2D568 of the component startjffs2. Performing a manipulation of the argument jffs2exec results in os command injection. Remote exploitation of the attack is possible. The exploit has be...
CVE-2026-15546
The CVE-2026-15546 entry describes a remote OS command injection in Shibby Tomato up to 1.28.0000. Affected component: start_jffs2, function sub_2D568. Exploitation involves manipulating the argument jffs2_exec; exploit is public and may be used for attacks. CVSS data indicate network access with...
CVE-2026-58454
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTT...
CVE-2026-58454 JAIOTlink C492A-W6 4.8.30.57701411 RCE via /Anyka/config Endpoint
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTT...
CVE-2026-58454
Affected product : JAIOTlink C492A-W6 Wi‑Fi IP cameras running firmware 4.8.30.57701411. Vulnerability : remote code execution via the authenticated /Anyka/config HTTP endpoint. Root cause / vector : attackers with authentication can write to writable persistent JFFS2 storage, stage a malicious s...
CVE-2026-36178
The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data...
PT-2026-46246
The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: jffs2: fixed a memory leak in jffs2domountfs. If jffs2buildfilesystem in jffs2domountfs returns an error, we can observe the following kmemleak report: -------------------------------------------- unreferenced object...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: jffs2: A use-after-free occurred in jffs2clearxattrsubsystem. When we mount a jffs2 image, it is assumed that the first few blocks of the image are normal and contain at least one xattr-related inode. However, the next block may ...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: jffs2: fixed a memory leak in jffs2scanmedium If an error is returned in jffs2scaneraseblock, and some memory is added to the jffs2summary s, we can observe the following kmemleak report:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompression memory corruption The rtime decompression routine does not fully check bounds during the entire decompression process. As a result, it may corrupt memory outside the decompression buffer if the...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: jffs2: fixed a memory leak in jffs2dofillsuper. If jffs2iget or dmakeroot in jffs2dofillsuper returns an error, we can observe the following kmemleak report: -------------------------------------------- unreferenced object...
ROS-20260306-73-0022
A vulnerability in the jffs2preallocrawnoderefs function of the Linux kernel is related to a pointer dereference error. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
USN-7986-1 linux vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Ceph distributed file system; - JFFS2 file system; - Timer subsystem; - USB sound devices; CVE-2024-26689,...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: jffs2: check that the raw node was preallocated before writing the summary. Syzkaller detected a kernel bug in jffs2linknoderef, caused by a fault injection in jffs2preallocrawnoderefs. jffs2sumwritesumnode does not check the...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38194)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38194 advisory. - In the Linux kernel, the following vulnerability has been resolved: jffs2: check that raw node were...
Azure Linux 3.0 Security Update: kernel (CVE-2025-38328)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38328 advisory. - In the Linux kernel, the following vulnerability has been resolved: jffs2: check jffs2preallocrawnoderefs...
USN-7774-1 linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-oracle, linux-raspi, linux-xilinx-zynqmp vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA...
TencentOS Server 2: kernel (TSSA-2025:0436)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0436 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...