Lucene search
K

824 matches found

OSV
OSV
added 2020/07/29 5:0 p.m.4 views

UBUNTU-CVE-2020-14309

There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacke...

6.7CVSS7.1AI score0.00482EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2020/07/29 12:0 a.m.12 views

PT-2020-3621 · Gnu +7 · Grub2 +7

Name of the Vulnerable Software and Affected Versions: Grub2 versions prior to 2.06 Description: The issue is related to an integer overflow of the UINT32 value, which can allow an attacker to access confidential data, compromise its integrity, and cause a denial of service. Specifically, the...

8.2CVSS7.5AI score0.01738EPSS
Exploits2References153
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/02/12 4:47 p.m.36 views

format test

TL;DR How does the Tesla update its firmware? What did we find when reverse engineering the display and instrument cluster? Here’s the result of a couple of weeks work, working on a real vehicle that mostly worked after we had finished. Part 1: analysing the hardware, complete with a 14 layer PCB...

7.8AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/02/12 2:44 p.m.679 views

Reverse Engineering the Tesla Firmware Update Process

TL;DR How does the Tesla Model S update its firmware? What did we find when reverse engineering the display and instrument cluster? Here’s the result of a couple of weeks work, working on a real vehicle that mostly worked after we had finished. Part 1: analysing the hardware, complete with a 14...

7.8AI score
Exploits0
Prion
Prion
added 2020/01/28 5:15 p.m.26 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in upgradestep2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter...

4.3CVSS7.8AI score0.01731EPSS
Exploits6References3Affected Software1
Cvelist
Cvelist
added 2020/01/28 4:9 p.m.32 views

CVE-2013-4865

Cross-site request forgery CSRF vulnerability in upgradestep2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter...

7.1AI score0.01731EPSS
Exploits6References3
CVE
CVE
added 2020/01/28 4:9 p.m.62 views

CVE-2013-4865

The CVE-2013-4865 entry concerns MiCasaVerde VeraLite firmware 1.5.408. A cross-site request forgery (CSRF) in upgrade_step2.sh could allow a remote attacker to hijack a user’s authenticated session to perform requests that install arbitrary firmware via the squashfs parameter. This vulnerability...

6.5CVSS7.8AI score0.01731EPSS
Exploits6References3Affected Software1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.21 views

Huawei EulerOS: Security Advisory for squashfs-tools (EulerOS-SA-2019-1459)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.5AI score0.04047EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.29 views

Huawei EulerOS: Security Advisory for squashfs-tools (EulerOS-SA-2019-2092)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.6AI score0.0691EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.22 views

Huawei EulerOS: Security Advisory for squashfs-tools (EulerOS-SA-2019-1871)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.6AI score0.0691EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.18 views

Huawei EulerOS: Security Advisory for squashfs-tools (EulerOS-SA-2019-2665)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.6AI score0.0691EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/12/18 12:0 a.m.29 views

EulerOS 2.0 SP3 : squashfs-tools (EulerOS-SA-2019-2665)

According to the versions of the squashfs-tools package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - 1 unsquash-1.c, 2 unsquash-2.c, 3 unsquash-3.c, and 4 unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of...

7.5CVSS7AI score0.0691EPSS
Exploits0References3
AlmaLinux
AlmaLinux
added 2019/11/05 6:14 p.m.14 views

squashfs-tools bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

1.6AI score
Exploits0
Kitploit
Kitploit
added 2019/10/19 9:30 p.m.159 views

IoT-Implant-Toolkit - Toolkit For Implant Attack Of IoT Devices

IoT-Implant-Toolkit is a framework of useful tools for malware implantation research of IoT devices. It is a toolkit consisted of essential software tools on firmware modification, serial port debugging, software analysis and stable spy clients. With an easy-to-use and extensible shell-like...

7.7AI score
Exploits0References8
Prion
Prion
added 2019/10/11 8:15 p.m.21 views

Design/Logic Flaw

D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php...

10CVSS9.8AI score0.03557EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/09/30 12:0 a.m.23 views

EulerOS 2.0 SP8 : squashfs-tools (EulerOS-SA-2019-2092)

According to the versions of the squashfs-tools package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Integer overflow in the readfragmenttable4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial o...

7.5CVSS7AI score0.0691EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/09/17 12:0 a.m.28 views

EulerOS 2.0 SP2 : squashfs-tools (EulerOS-SA-2019-1871)

According to the versions of the squashfs-tools package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Integer overflow in the readfragmenttable4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial o...

7.5CVSS7AI score0.0691EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/09/10 12:0 a.m.3 views

PT-2019-6092 · Unknown +9 · Squashfs-Tools +9

Name of the Vulnerable Software and Affected Versions: Squashfs-Tools version 4.5 Description: The issue is related to the squashfs opendir function in the unsquash-1.c component of Squashfs-Tools. This function stores the filename in the directory entry, which is then used by unsquashfs to creat...

8.1CVSS6.5AI score0.0691EPSS
Exploits2References105
Positive Technologies
Positive Technologies
added 2019/09/10 12:0 a.m.3 views

PT-2019-6144 · Unknown +9 · Squashfs-Tools +9

Name of the Vulnerable Software and Affected Versions: Squashfs-Tools version 4.5 Description: The issue is related to the squashfs opendir function in the unsquash-2.c component of Squashfs-Tools, which incorrectly handles symbolic links before accessing a file. This allows a remote attacker to...

8.8CVSS6.3AI score0.0691EPSS
Exploits2References98
Tenable Nessus
Tenable Nessus
added 2019/05/14 12:0 a.m.25 views

EulerOS Virtualization 3.0.1.0 : squashfs-tools (EulerOS-SA-2019-1459)

According to the versions of the squashfs-tools package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Integer overflow in the queueinit function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attacke...

6.8CVSS8.1AI score0.04047EPSS
Exploits0References3
Rows per page
Query Builder