VYPR
Vendor

Fuse

Products
2
CVEs
13
Across products
14
Status
Private

Products

2

Recent CVEs

13
  • CVE-2010-3879Jan 22, 2011
    risk 0.04cvss epss 0.10

    FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.

  • CVE-2015-3202Jul 2, 2015
    risk 0.03cvss epss 0.01

    fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.

  • CVE-2005-1858Jun 3, 2005
    risk 0.03cvss epss 0.01

    FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information.

  • CVE-2026-33150Mar 20, 2026
    risk 0.00cvss epss 0.00

    libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When…

  • CVE-2026-33179Mar 20, 2026
    risk 0.00cvss epss 0.00

    libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails…

  • CVE-2024-1635Feb 19, 2024
    risk 0.00cvss epss 0.05

    A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end…

  • CVE-2023-1108Sep 14, 2023
    risk 0.00cvss epss 0.02

    A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

  • CVE-2011-0543Sep 2, 2011
    risk 0.00cvss epss 0.00

    Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.

  • CVE-2011-0542Sep 2, 2011
    risk 0.00cvss epss 0.00

    fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.

  • CVE-2011-0541Sep 2, 2011
    risk 0.00cvss epss 0.00

    fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.

  • CVE-2010-0789Mar 2, 2010
    risk 0.00cvss epss 0.00

    fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint.

  • CVE-2006-0751Feb 18, 2006
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in the (1) Filesystem in USErspace (FUSE) client and (2) NOOFS daemon in in Network Object Oriented File System (NOOFS) before 0.9.0 have unspecified impact and attack vectors.

  • CVE-2005-3531Nov 23, 2005
    risk 0.00cvss epss 0.00

    fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters.