Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: jfs: fixed an array-index-out-of-bounds issue in diAlloc. Currently, there is no check for the agnno of the iag when allocating new inodes to avoid fragmentation problems. The check has been added, which is necessary...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002553)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002553 advisory. In the eaget function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two...

CVE-2022-50567 fs: jfs: fix shift-out-of-bounds in dbAllocAG

In the Linux kernel, the following vulnerability has been resolved: fs: jfs: fix shift-out-of-bounds in dbAllocAG Syzbot found a crash : UBSAN: shift-out-of-bounds in dbAllocAG. The underlying bug is the missing check of bmp-dbagl2size. The field can be greater than 64 and trigger the...

EUVD-2017-11950

Malware in sbrugna...

jfs: fix array-index-out-of-bounds read in add_missing_indices

...

Linux Distros Unpatched Vulnerability : CVE-2017-2807

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer...

Linux Distros Unpatched Vulnerability : CVE-2017-2808

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a...

Linux Distros Unpatched Vulnerability : CVE-2023-3397

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attack...

UBUNTU-CVE-2024-49903

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uaf in dbFreeBits syzbot reported ================================================================== BUG: KASAN: slab-use-after-free in mutexlockcommon kernel/locking/mutex.c:587 inline BUG: KASAN: slab-use-after-free in...

UBUNTU-CVE-2023-4385

A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfsdmap.c in the journaling file system JFS in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check...

SUSE CVE-2015-8842

tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file...

SUSE CVE-2017-2808

An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this...

FreeBSD : ledger -- multiple vulnerabilities (d843a984-7f22-484f-ba81-483ddbe30dc3)

Talos reports : An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability. ...

Ledger-CLI Account Resolution Memory Misreference Vulnerability

Ledger is an accounting system that supports UNIX commands. A memory misreference vulnerability in Ledger-CLI account parsing allows remote attackers to exploit the vulnerability by submitting a journal file and tricking a user into parsing it, which could crash the application or execute arbitra...

CVE-2017-2808

An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this...

CVE-2017-2807

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability...

CVE-2017-2807

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability...

CVE-2017-2807

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability...

CVE-2017-2808

An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this...

Integer overflow

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability...