Twig: Sandbox property and method bypass via object-destructuring assignment

Description The object-destructuring assignment syntax introduced in Twig 3.24.0 generates a call to CoreExtension::getAttribute with the $sandboxed argument hardcoded to false, regardless of whether a SandboxExtension is active. This permanently disables the sandbox's property and method policy...

PT-2026-42691

Name of the Vulnerable Software and Affected Versions Twig versions 3.24.0 through 3.24.x Description The object-destructuring assignment syntax generates a call to the getAttribute function within CoreExtension where the $sandboxed argument is hardcoded to false. This occurs regardless of whethe...

Astra Linux - уязвимость в ntfs-3g

A properly crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfsgetattributevalue, in NTFS-3G 2021.8.22...

JLSEC-2026-282

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4getatt called from nc4getatttc and ncgetatttext and in uffdcleanup called from netCDFDataset::netCDFDataset and netCDFDataset::netCDFDataset...

EUVD-2026-25505

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate EaNameLength in smb2getea smb2getea reads eareq-EaNameLength from the client request and passes it directly to strncmp as the comparison length without verifying that the length of the name really is the size of t...

MiracleLinux 7 : kernel-3.10.0-1160.53.1.el7 (AXSA:2022-2973:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2973:02 advisory. kernel: perfeventparseaddrfilter memory CVE-2020-25704 kernel: fuse: fusedogetattr calls makebadinode in inappropriate situations CVE-2020-36322...

PT-2025-49453

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel’s Network File System Daemon NFSD does not properly handle requests for new time deleg FATTR4 attributes introduced in newer NFS specifications. Specifically, NFSv4...

BIT-LIBPHP-2021-21704 Multiple vulnerabilities in Firebird client extension

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute, execute, fetch and others by returning invalid response data that is not...

PT-2024-37412

Name of the Vulnerable Software and Affected Versions: BT: Classic affected versions not specified Description: The issue concerns an SDP OOB access vulnerability in the get att search list function of BT Classic. Recommendations: At the moment, there is no information about a newer version that...

CVE-2022-43604

An out-of-bounds write vulnerability exists in the GetAttributeList attributecountrequest functionality of EIP Stack Group OpENer development commit 58ee13c. A specially crafted EtherNet/IP request can lead to an out-of-bounds write, potentially causing the server to crash or allow for remote cod...

SUSE CVE-2016-2800

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart font,...

SUSE CVE-2016-5039

The getattrvalue function in libdwarf before 20160923 allows remote attackers to cause a denial of service out-of-bounds read via a crafted object with all-bits on...

CVE-2022-30784

A crafted NTFS image can cause heap exhaustion in ntfsgetattributevalue in NTFS-3G through 2021.8.22...

kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations

A denial of service flaw was found in fusedogetattr in fs/fuse/dir.c in the kernel side of the FUSE filesystem in the Linux kernel. A local user could use this flaw to crash the system...

DEBIAN-CVE-2021-39263

A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfsgetattributevalue, in NTFS-3G 2021.8.22...

UBUNTU-CVE-2021-39263

A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfsgetattributevalue, in NTFS-3G 2021.8.22...

PT-2021-5804 · Ntfs-3G +7 · Ntfs-3G +7

Name of the Vulnerable Software and Affected Versions: NTFS-3G versions prior to 2021.8.22 Description: A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs get attribute value. This issue may allow an attacker to access confidential data,...

curl: LDAP NULL pointer dereference

A NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldapgetattributeber function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply...

libdwarf 'get_attr_value()' function denial of service vulnerability

libdwarf is a set of tools for reading and writing DWARF2 debugging information. A security vulnerability exists in the 'getattrvalue' function of libdwarf. An attacker can exploit this vulnerability to cause a denial of service OOB read...

DEBIAN-CVE-2014-9379

The radiusgetattribute function in dissectors/ecradius.c in Ettercap 0.8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow...