Fuse
Products
2- 9 CVEs
- 5 CVEs
Recent CVEs
13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-3879 | 0.04 | — | 0.10 | Jan 22, 2011 | FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789. | |||
| CVE-2015-3202 | 0.03 | — | 0.01 | Jul 2, 2015 | fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature. | |||
| CVE-2005-1858 | 0.03 | — | 0.01 | Jun 3, 2005 | FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information. | |||
| CVE-2026-33150 | 0.00 | — | 0.00 | Mar 20, 2026 | libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When… | |||
| CVE-2026-33179 | 0.00 | — | 0.00 | Mar 20, 2026 | libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails… | |||
| CVE-2024-1635 | 0.00 | — | 0.05 | Feb 19, 2024 | A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end… | |||
| CVE-2023-1108 | 0.00 | — | 0.02 | Sep 14, 2023 | A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. | |||
| CVE-2011-0543 | 0.00 | — | 0.00 | Sep 2, 2011 | Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack. | |||
| CVE-2011-0542 | 0.00 | — | 0.00 | Sep 2, 2011 | fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors. | |||
| CVE-2011-0541 | 0.00 | — | 0.00 | Sep 2, 2011 | fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack. | |||
| CVE-2010-0789 | 0.00 | — | 0.00 | Mar 2, 2010 | fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint. | |||
| CVE-2006-0751 | 0.00 | — | 0.02 | Feb 18, 2006 | Multiple unspecified vulnerabilities in the (1) Filesystem in USErspace (FUSE) client and (2) NOOFS daemon in in Network Object Oriented File System (NOOFS) before 0.9.0 have unspecified impact and attack vectors. | |||
| CVE-2005-3531 | 0.00 | — | 0.00 | Nov 23, 2005 | fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters. |
- CVE-2010-3879Jan 22, 2011risk 0.04cvss —epss 0.10
FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.
- CVE-2015-3202Jul 2, 2015risk 0.03cvss —epss 0.01
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.
- CVE-2005-1858Jun 3, 2005risk 0.03cvss —epss 0.01
FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information.
- CVE-2026-33150Mar 20, 2026risk 0.00cvss —epss 0.00
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When…
- CVE-2026-33179Mar 20, 2026risk 0.00cvss —epss 0.00
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails…
- CVE-2024-1635Feb 19, 2024risk 0.00cvss —epss 0.05
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end…
- CVE-2023-1108Sep 14, 2023risk 0.00cvss —epss 0.02
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
- CVE-2011-0543Sep 2, 2011risk 0.00cvss —epss 0.00
Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.
- CVE-2011-0542Sep 2, 2011risk 0.00cvss —epss 0.00
fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.
- CVE-2011-0541Sep 2, 2011risk 0.00cvss —epss 0.00
fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.
- CVE-2010-0789Mar 2, 2010risk 0.00cvss —epss 0.00
fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint.
- CVE-2006-0751Feb 18, 2006risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in the (1) Filesystem in USErspace (FUSE) client and (2) NOOFS daemon in in Network Object Oriented File System (NOOFS) before 0.9.0 have unspecified impact and attack vectors.
- CVE-2005-3531Nov 23, 2005risk 0.00cvss —epss 0.00
fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters.