Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fuse project fuse vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-3202
fusermount in FUSE prior to 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.
Debian Debian Linux 8.0
Fuse Project Fuse
1 EDB exploit
NA
CVE-2013-7397
Async Http Client (aka AHC or async-http-client) prior to 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle malicious users to spoof HTTPS servers by presenting an arbitrary cert...
Redhat Jboss Fuse
Async-http-client Project Async-http-client
NA
CVE-2013-7398
main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) prior to 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle malicious users to spoof HTTPS servers via an a...
Async-http-client Project Async-http-client
Redhat Jboss Fuse
4.7
CVSSv3
CVE-2022-29973
relan exFAT 1.3.0 allows local users to obtain sensitive information (data from deleted files in the filesystem) in certain situations involving offsets beyond ValidDataLength.
Exfat Project Exfat 1.3.0
NA
CVE-2010-3879
FUSE, possibly 2.8.5 and previous versions, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-07...
Libfuse Project Libfuse
1 EDB exploit
5.5
CVSSv3
CVE-2022-24614
When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use me...
Metadata-extractor Project Metadata-extractor
7.5
CVSSv3
CVE-2021-31684
A vulnerability exists in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
Json-smart Project Json-smart-v1
Json-smart Project Json-smart-v2
Oracle Utilities Framework 4.4.0.0.0
Oracle Utilities Framework 4.4.0.2.0
Oracle Utilities Framework 4.4.0.3.0
7.5
CVSSv3
CVE-2022-23596
Junrar is an open source java RAR archive library. In affected versions A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant us...
Junrar Project Junrar
9.8
CVSSv3
CVE-2013-7285
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote malicious user to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.
Xstream Project Xstream
Xstream Project Xstream 1.4.10
1 EDB exploit
4 Github repositories
5.3
CVSSv3
CVE-2022-24723
URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing the...
Uri.js Project Uri.js
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »