Lucene search
K

28 matches found

SUSE CVE
SUSE CVE
added 2026/05/02 1:25 a.m.17 views

SUSE CVE-2026-31694

In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuseadddirenttocache computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existing logic only checks...

7.8CVSS5.8AI score0.00129EPSS
Exploits1References46
NVD
NVD
added 2026/05/01 2:16 p.m.6 views

CVE-2026-31694

In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuseadddirenttocache computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existing logic only checks...

7.8CVSS0.00129EPSS
Exploits1References3
CVE
CVE
added 2026/05/01 1:53 p.m.25 views

CVE-2026-31694

Summary: CVE-2026-31694 fixes a Linux kernel FUSE directory-entry handling flaw. A malicious FUSE server could cause a 24-byte overflow by returning a dirent whose serialized size (based on namelen) exceeds a single PAGE_SIZE. The bug arises in fuse_add_dirent_to_cache(), which previously only ch...

7.8CVSS5.8AI score0.00129EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/01 1:53 p.m.4 views

CVE-2026-31694

In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuseadddirenttocache computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existing logic only checks...

7.8CVSS5.8AI score0.00129EPSS
Exploits1References9Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.7 views

PT-2026-36324

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the fuse add dirent to cache function where the system computes a serialized directory entry dirent size based on the server-controlled namelen field and copies it int...

7.8CVSS5.8AI score0.00129EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.5 views

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices NULL Pointer Dereference (CVE-2024-47692)

In the Linux kernel, the following vulnerability has been resolved: nfsd: return -EINVAL when namelen is 0 When we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdupuser to return ZEROSIZEPTR. When we access the name.data that has been...

6.5CVSS6.2AI score0.01168EPSS
Exploits0References5
Debian
Debian
added 2025/10/13 2:45 p.m.4 views

[SECURITY] [DLA 4329-1] libfcgi security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4329-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz October 13, 2025 https://wiki.debian.org/LTS -...

9.3CVSS7.2AI score0.00566EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.1 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-381973)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-381973 advisory. In the Linux kernel, the following vulnerability has been resolved: nfsd: return -EINVAL when namelen is 0 When we have a corrupted main.sqlite in...

6.5CVSS6.4AI score0.01168EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/06/11 10:24 a.m.4 views

perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library

A flaw was found in the FCGI library. In affected versions, specially crafted nameLen or valueLen values in data sent to the IPC socket may result in a heap-based buffer overflow, which can cause an application crash or other undefined behavior. This occurs in ReadParams in fcgiapp.c...

5.3CVSS5.9AI score0.00516EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2025/05/13 8:28 a.m.2 views

kernel: nfsd: return -EINVAL when namelen is 0

In the Linux kernel, the following vulnerability has been resolved: nfsd: return -EINVAL when namelen is 0 When we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdupuser to return ZEROSIZEPTR. When we access the name.data that has been...

6.5CVSS6.5AI score0.01168EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: nfsd: returns -EINVAL when namelen is 0 When we have a corrupted main.sqlite file in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdupuser to return ZEROSIZEPTR. When we access the name.data that ha...

6.5CVSS6.4AI score0.01168EPSS
Exploits0References3
OSV
OSV
added 2025/01/10 12:15 p.m.1 views

DEBIAN-CVE-2025-23016

FastCGI fcgi2 aka fcgi 2.x through 2.4.4 has an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c...

9.3CVSS8.3AI score0.00566EPSS
Exploits0References1
Amazon
Amazon
added 2024/10/31 12:0 a.m.0 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk release while still in use CVE-2024-26921 In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: walk over current view on netlink dump...

9.1CVSS7AI score0.01367EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2024/10/21 3:47 p.m.2 views

SUSE CVE-2024-47692

In the Linux kernel, the following vulnerability has been resolved: nfsd: return -EINVAL when namelen is 0 When we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdupuser to return ZEROSIZEPTR. When we access the name.data that has been...

5.5CVSS6.3AI score0.01168EPSS
Exploits0References19
OSV
OSV
added 2024/10/21 12:15 p.m.12 views

AZL-50939 CVE-2024-47692 affecting package kernel for versions less than 6.6.56.1-5

In the Linux kernel, the following vulnerability has been resolved: nfsd: return -EINVAL when namelen is 0 When we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdupuser to return ZEROSIZEPTR. When we access the name.data that has been...

6.5CVSS6.7AI score0.01168EPSS
Exploits0References1
OSV
OSV
added 2024/10/21 12:15 p.m.2 views

DEBIAN-CVE-2024-47692

In the Linux kernel, the following vulnerability has been resolved: nfsd: return -EINVAL when namelen is 0 When we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdupuser to return ZEROSIZEPTR. When we access the name.data that has been...

6.5CVSS6AI score0.01168EPSS
Exploits0References1
OSV
OSV
added 2024/10/21 12:15 p.m.10 views

AZL-50827 CVE-2024-47692 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: nfsd: return -EINVAL when namelen is 0 When we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdupuser to return ZEROSIZEPTR. When we access the name.data that has been...

6.5CVSS6.7AI score0.01168EPSS
Exploits0References1
OSV
OSV
added 2024/10/21 12:15 p.m.1 views

UBUNTU-CVE-2024-47692

In the Linux kernel, the following vulnerability has been resolved: nfsd: return -EINVAL when namelen is 0 When we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdupuser to return ZEROSIZEPTR. When we access the name.data that has been...

6.5CVSS6.3AI score0.01168EPSS
Exploits0References43
Debian CVE
Debian CVE
added 2024/10/21 11:53 a.m.9 views

CVE-2024-47692

In the Linux kernel, the following vulnerability has been resolved: nfsd: return -EINVAL when namelen is 0 When we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdupuser to return ZEROSIZEPTR. When we access the name.data that has been...

6.5CVSS6AI score0.01168EPSS
Exploits0
CVE
CVE
added 2024/10/21 11:53 a.m.175 views

CVE-2024-47692

CVE-2024-47692 : Linux kernel NFS server (nfsd) vulnerability where namelen can be 0 if main.sqlite is corrupted, causing memdup_user() to return ZERO_SIZE_PTR and leading to NULL pointer dereference when accessing name.data in nfs4_client_to_reclaim(). The issue is resolved by adding a namelen v...

6.5CVSS7.2AI score0.01168EPSS
Exploits0References12Affected Software1
Rows per page
Query Builder