PT-2024-14742 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the Linux kernel's filesystem handling, specifically the getattr interface function. When vfs getattr nosec calls a filesystem's getattr interface function, it...

Information Disclosure

AccessControl is vulnerable to Information Disclosure. The vulnerability is due to the formatmap function which allows attackers controlling the format string to read objects accessible via getattr and getitem which can result a critical information disclosure...

GHSA-8XV7-89VJ-Q48C Information disclosure in AccessControl

Impact Python's "format" functionality allows someone controlling the format string to "read" objects accessible recursively via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown getattr and getitem, not the policy...

kernel: afs: Fix dynamic root getattr

In the Linux kernel, the following vulnerability has been resolved: afs: Fix dynamic root getattr The recent patch to make afsgetattr consult the server didn't account for the pseudo-inodes employed by the dynamic root-type afs superblock not having a volume or a server to access, and thus an oop...

CVE-2023-1304

An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...

Code injection

An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...

CVE-2023-1304

CVE-2023-1304 affects InsightCloudSec. An authenticated attacker can use an exposed getattr() via a Jinja template to smuggle OS commands and invoke actions normally restricted to private methods. Affected are InsightCloudSec versions prior to the fixes; the issue was resolved in Managed and SaaS...

InsightCloudSec 代码注入漏洞

InsightCloudSec is a fully integrated cloud-native security platform from InsightCloudSec. A security vulnerability exists in versions of InsightCloudSec prior to 23.3.21 that stems from an attacker being able to execute OS commands via a Jinja template utilizing the publicly available getattr...

PT-2023-16876 · Unknown · Insightcloudsec

Name of the Vulnerable Software and Affected Versions: InsightCloudSec versions prior to 23.2.1 Description: An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. Thi...

mysql-selinux bug fix and enhancement update

An update is available for mysql-selinux. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list mysql-selinux package holds SELinux rules for the mariadb and mysql...

GSD-2022-1004829 afs: Fix dynamic root getattr

afs: Fix dynamic root getattr This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.250 by commit 65c24caf1b9f5b08397c6e805ec24ebc390c6e4d, it w...

GSD-2022-1004628 afs: Fix dynamic root getattr

afs: Fix dynamic root getattr This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.127 by commit 7b564e3254b7db5fbfbf11a824627a6c31b932b4, it w...

GSD-2022-1004466 afs: Fix dynamic root getattr

afs: Fix dynamic root getattr This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.51 by commit 2b2bba96526f25f2eba74ecadb031de2e05a83ce, it wa...

kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations

A denial of service flaw was found in fusedogetattr in fs/fuse/dir.c in the kernel side of the FUSE filesystem in the Linux kernel. A local user could use this flaw to crash the system...

GSD-2021-1000216 ceph: fix inode leak on getattr error in __fh_to_dentry

ceph: fix inode leak on getattr error in fhtodentry This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.5 by commit...

GSD-2021-1000415 ceph: fix inode leak on getattr error in __fh_to_dentry

ceph: fix inode leak on getattr error in fhtodentry This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.120 by commit...

UVI-2021-1000415 ceph: fix inode leak on getattr error in __fh_to_dentry

ceph: fix inode leak on getattr error in fhtodentry This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.120 by commit...

kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations

A denial of service flaw was found in fusedogetattr in fs/fuse/dir.c in the kernel side of the FUSE filesystem in the Linux kernel. A local user could use this flaw to crash the system...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in versions of Linux kernel prior to 5.10.6, which stems from fusedogetattr calling makebadinode without proper context, which can be...

The vulnerabilities of Firefox ESR and Firefox, the rendering software Graphite 2, allow attackers to induce service failures or exert other effects.

The vulnerability of the graphite2::Slot::getAttr function Slot.cpp in Firefox ESR and Firefox browsers, as well as in the Graphite 2 rendering software, arises due to buffer overflows. Exploiting this vulnerability can allow an attacker to cause service interruptions or other effects through a...