CVE-2023-2910
published 2023-08-17CVE-2023-2910: Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality in ASUSTOR Data Master (ADM)…
PriorityP261high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.34%
67.8th percentile
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality in ASUSTOR Data Master (ADM) allows remote unauthorized users to execute arbitrary commands via unspecified vectors. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asustor | adm | 4.0 – 4.0.6.RIS1 | — |
| asustor | adm | 4.1 – 4.1.0.RLQ1 | — |
| asustor | adm | 4.2 – 4.2.2.RI61 | — |
| asustor | data_master | 4.0.0.rib4 – 4.0.6.ris1 | — |
| asustor | data_master | >= 4.1.0.rhu2 < 4.2.3.rk91 | 4.2.3.rk91 |
| linux | linux_kernel | >= 5.15.0 < 5.15.111 | 5.15.111 |
| linux | linux_kernel | >= 5.16.0 < 6.1.28 | 6.1.28 |
| linux | linux_kernel | >= 6.2.0 < 6.2.15 | 6.2.15 |
| linux | linux_kernel | >= 6.3.0 < 6.3.2 | 6.3.2 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de()
osv·2025-12-24
CVE-2023-53988 fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de()
fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de()
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de()
Here is a BUG report from syzbot:
BUG: KASAN: slab-out-of-bounds in hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806
Read of size 16842960 at addr ffff888079cc0600 by task syz-executor934/3631
Call Trace:
memmove+0x25/0x60 mm/kasan/shadow.c:54
hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806
indx_delete_entry+0x74f/0x3670 fs/ntfs3/index.c:2193
ni_remove_name+0x27a/0x980 fs/ntfs3/frecord.c:2910
ntfs_unlink_inode+0x3d4/0x720 fs/ntfs3/inode.c:1712
ntfs_rename+0x41a/0xcb0 fs/ntfs3/namei.c:276
Before using the meta-data in struct INDEX_HDR, we need to
check index header valid or not. Otherwise, the corruptedi
(or ma
GHSA
GHSA-5jc7-2r5q-9xhh: Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality in ASUSTOR Data Mas
ghsa_unreviewed·2023-08-17
CVE-2023-2910 [HIGH] CWE-77 GHSA-5jc7-2r5q-9xhh: Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality in ASUSTOR Data Mas
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality in ASUSTOR Data Master (ADM) allows remote unauthorized users to execute arbitrary commands via unspecified vectors. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
Red Hat
kernel: fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de()
vendor_redhat·2025-12-24
CVE-2023-53988 kernel: fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de()
kernel: fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de()
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de()
Here is a BUG report from syzbot:
BUG: KASAN: slab-out-of-bounds in hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806
Read of size 16842960 at addr ffff888079cc0600 by task syz-executor934/3631
Call Trace:
memmove+0x25/0x60 mm/kasan/shadow.c:54
hdr_delete_de+0xe0/0x150 fs/ntfs3/index.c:806
indx_delete_entry+0x74f/0x3670 fs/ntfs3/index.c:2193
ni_remove_name+0x27a/0x980 fs/ntfs3/frecord.c:2910
ntfs_unlink_inode+0x3d4/0x720 fs/ntfs3/inode.c:1712
ntfs_rename+0x41a/0xcb0 fs/ntfs3/namei.c:276
Before using the meta-data in struct INDEX_HDR, we need to
check index header valid or not. Otherwise, the corruptedi
(or
No detection rules found.
No public exploits indexed.
2023-08-17
Published