Lucene search
K

6 matches found

OSV
OSV
added 2026/05/16 3:14 p.m.5 views

CLSA-2026-1778940132 rsync: Fix of CVE-2026-41035

CVE-2026-41035: receiver use-after-free in receivexattr via untrusted xattr count passed to qsort...

7.8CVSS5.8AI score0.00393EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2025/08/04 3:19 p.m.3 views

kernel: ext4: ignore xattrs past end

A use-after-free vulnerability has been discovered in the Linux kernel, specifically within the ext4xattrinodedecrefall function related to the ext4 filesystem's extended attributes. An attacker could exploit this flaw by providing a specially crafted payload, leading to a denial of service...

7.8CVSS6.7AI score0.00167EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/04/18 7:1 a.m.20 views

CVE-2025-39735 jfs: fix slab-out-of-bounds read in ea_get()

In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in eaget During the "sizecheck" label in eaget, the code checks if the extended attribute list xattr size matches easize. If not, it logs "eaget: invalid extended attribute" and calls printhexdump...

0.00215EPSS
Exploits0References9
OSV
OSV
added 2024/07/12 1:55 p.m.18 views

SUSE-SU-2024:2463-1 Security update for squashfs

This update for squashfs fixes the following issues: - CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools bsc935380 - CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination bsc1189936 - CVE-2021-41072: Fixed an issu...

8.1CVSS7.7AI score0.0691EPSS
Exploits2References8
OSV
OSV
added 2017/12/21 5:43 p.m.8 views

MGASA-2017-0459 Updated rsync package fixes security vulnerability

The receivexattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service heap-based buffer over-read and application crash or possibly have unspecified other impact by sendi...

9.8CVSS9.6AI score0.05163EPSS
Exploits0References3
Prion
Prion
added 2010/09/29 5:0 p.m.23 views

Design/Logic Flaw

fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name...

2.1CVSS6.6AI score0.00426EPSS
Exploits0References18Affected Software2
Rows per page
Query Builder