17 matches found
EUVD-2020-1574
Malware in sbrugna...
CVE-2022-48502
An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c...
RHEL 8 : curl (RHSA-2019:3701)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3701 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...
EulerOS 2.0 SP8 : wget (EulerOS-SA-2019-1663)
According to the version of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerability: set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attribut...
Denial Of Service (DoS)
The Linux kernel is vulnerable to a NULL pointer dereference. The vulnerability exists in the ext4/xattr.c:ext4_xattr_inode_hash function. An attacker could cause a denial of service condition with a crafted ext4 image which may result in an application crash...
Code injection
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribut...
CVE-2018-20483
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribut...
CVE-2018-20483
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribut...
CVE-2018-20483
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribut...
wget -- security flaw in caching credentials passed as a part of the URL
Gynvael Coldwind reports: set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the UR...
Heap overflow
The Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry function. An attacker could exploit this by operating on a mounted crafted ext4 image...
CVE-2018-10840
CVE-2018-10840 describes a heap-based buffer overflow in the Linux kernel’s ext4 xattr handling: fs/ext4/xattr.c:ext4_xattr_set_entry(). An attacker could exploit this by operating on a mounted crafted ext4 image, potentially leading to kernel memory corruption. Connected feeds confirm multiple v...
CVE-2017-8086
Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable...
CVE-2010-2946
fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users to bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name...
CVE-2010-2946
CVE-2010-2946 affects the Linux kernel via a flaw in fs/jfs/xattr.c where a legacy extended-attributes storage format could let local attackers bypass xattr namespace restrictions using an "os2." prefix. Several connected advisories confirm the issue and reference the affected range: Linux kernel v...
CVE-2005-2801
xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when sharing xattr blocks, which could prevent default ACLs from being applied...
CVE-2005-2801
xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when sharing xattr blocks, which could prevent default ACLs from being applied...