Vulmon
squashfs vulnerabilities and exploits
10
CVSSv2
CVE-2019-17509
D-Link DIR-846 devices with firmware 100A35 allow remote malicious users to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings...
Dlink Dir-846 Firmware 100a35
10
CVSSv2
CVE-2019-17510
D-Link DIR-846 devices with firmware 100A35 allow remote malicious users to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php.
Dlink Dir-846 Firmware 100a35
6.8
CVSSv2
CVE-2012-4024
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and previous versions allows remote malicious users to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the...
Squashfs Project Squashfs
6.8
CVSSv2
CVE-2012-4025
Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and previous versions allows remote malicious users to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.
Squashfs Project Squashfs
5.8
CVSSv2
CVE-2021-41072
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs ...
Squashfs-tools Project Squashfs-tools 4.5
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.8
CVSSv2
CVE-2021-40153
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing...
Squashfs-tools Project Squashfs-tools 4.5
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 33
5.8
CVSSv2
CVE-2020-15229
Singularity (an open source container platform) from version 3.1.1 up to and including 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem ...
Sylabs Singularity
Opensuse Leap 15.1
Opensuse Leap 15.2
Opensuse Backports Sle 15.0
5.5
CVSSv2
CVE-2013-4862
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page.
Micasaverde Veralite Firmware 1.5.408
1 EDB exploit
5
CVSSv2
CVE-2015-4646
(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote malicious users to cause a denial of service (application crash) via a crafted input.
Squashfs Project Squashfs
4.9
CVSSv2
CVE-2006-5701
Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem.
Linux Linux Kernel 2.6.0
Linux Linux Kernel 2.6.10
Linux Linux Kernel 2.6.11.7
Linux Linux Kernel 2.6.11.8
Linux Linux Kernel 2.6.12.4
Linux Linux Kernel 2.6.12.5
Linux Linux Kernel 2.6.13.2
Linux Linux Kernel 2.6.13.3
Linux Linux Kernel 2.6.14.1
Linux Linux Kernel 2.6.14.2
Linux Linux Kernel 2.6.14.3
Linux Linux Kernel 2.6.15
Linux Linux Kernel 2.6.15.1
Linux Linux Kernel 2.6.16
Linux Linux Kernel 2.6.16.7
Linux Linux Kernel 2.6.16.9
Linux Linux Kernel 2.6.11
Linux Linux Kernel 2.6.11.11
Linux Linux Kernel 2.6.12.6
Linux Linux Kernel 2.6.12
Linux Linux Kernel 2.6.13.4
Linux Linux Kernel 2.6.13
1 EDB exploit