13 matches found

RedHat Linux
added 2025/12/10 12:10 p.m. | 3 views

abrt: Command-injection in ABRT leading to local privilege escalation

A flaw was found in the ABRT daemon’s handling of user-supplied mount information. ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command docker inspect %s without proper validation. An unprivileged local user can craft a payload that injects shell...

CVSS 8.8 | AI score 5.9 | EPSS 0.0009
Exploits: 1 | References: 5

RedHat Linux
added 2025/12/10 11:9 a.m. | 5 views

abrt: Command-injection in ABRT leading to local privilege escalation

A flaw was found in the ABRT daemon’s handling of user-supplied mount information. ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command docker inspect %s without proper validation. An unprivileged local user can craft a payload that injects shell...

CVSS 8.8 | AI score 5.9 | EPSS 0.0009
Exploits: 1 | References: 5

SUSE CVE
added 2025/12/06 12:24 a.m. | 1 views

SUSE CVE-2025-12744

A flaw was found in the ABRT daemon's handling of user-supplied mount information. ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command docker inspect %s without proper validation. An unprivileged local user can craft a payload that injects shell...

CVSS 8.8 | AI score 6.7 | EPSS 0.0009
Exploits: 1 | References: 3

NVD
added 2025/12/03 9:15 a.m. | 1 views

CVE-2025-12744

A flaw was found in the ABRT daemon’s handling of user-supplied mount information. ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command docker inspect %s without proper validation. An unprivileged local user can craft a payload that injects shell...

CVSS 8.8 | EPSS 0.0009
Exploits: 1 | References: 2

Cvelist
added 2025/12/03 8:33 a.m. | 14 views

CVE-2025-12744 Abrt: command-injection in abrt leading to local privilege escalation

A flaw was found in the ABRT daemon’s handling of user-supplied mount information. ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command docker inspect %s without proper validation. An unprivileged local user can craft a payload that injects shell...

CVSS 8.8 | EPSS 0.0009
Exploits: 1 | References: 2

CVE
added 2025/12/03 8:33 a.m. | 21 views

CVE-2025-12744

ABRT daemon contains a flaw in handling user-supplied mount information: it copies up to 12 characters from untrusted input into a shell command (docker inspect %s) without proper validation, allowing a local unprivileged user to inject shell metacharacters and cause the root-running ABRT process...

CVSS 8.8 | AI score 6.7 | EPSS 0.0009
Exploits: 1 | References: 2

EUVD
added 2025/12/03 8:33 a.m. | 3 views

EUVD-2025-200735

A flaw was found in the ABRT daemon’s handling of user-supplied mount information. ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command docker inspect %s without proper validation. An unprivileged local user can craft a payload that injects shell...

CVSS 8.8 | AI score 6.5 | EPSS 0.0009
Exploits: 1 | References: 3

CNNVD
added 2025/12/03 12:0 a.m. | 2 views

Red Hat ABRT security vulnerability

Red Hat ABRT is a suite of tools from Red Hat, Inc. that helps users detect and report application crashes. A security vulnerability exists in Red Hat ABRT that stems from a lack of validation when processing user-supplied mount information, which could cause a local user to execute arbitrary...

CVSS 8.8 | AI score 7 | EPSS 0.0009
Exploits: 1 | References: 4

SUSE CVE
added 2024/06/21 3:52 a.m. | 2 views

SUSE CVE-2021-47599

In the Linux kernel, the following vulnerability has been resolved: btrfs: use latest_dev in btrfs_show_devname. The test case btrfs/238 reports the warning below: WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 btrfs CPU: 2 PID: 1 Comm: systemd Tainted: G W O...

CVSS 5.5 | AI score 6.1 | EPSS 0.00011
Exploits: 0 | References: 9

OSV
added 2024/06/19 3:15 p.m. | 1 views

UBUNTU-CVE-2021-47599

In the Linux kernel, the following vulnerability has been resolved: btrfs: use latest_dev in btrfs_show_devname. The test case btrfs/238 reports the warning below: WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 btrfs CPU: 2 PID: 1 Comm: systemd Tainted: G W O...

CVSS 4.7 | AI score 6.2 | EPSS 0.00011
Exploits: 0 | References: 26

securityvulns
added 2013/05/04 12:0 a.m. | 40 views

util-linux / mount information leakage

It's possible to check file existence...

CVSS 5.8 | AI score 2.2 | EPSS 0.0268
Exploits: 1 | References: 1 | Affected Software: 1

Metasploit
added 2012/03/14 2:18 a.m. | 43 views

Linux Gather System and User Information

This module gathers system information. We collect installed packages, installed services, mount information, user list, user bash history and cron jobs. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

AI score 7
Exploits: 0

NVD
added 2008/07/01 5:41 p.m. | 19 views

CVE-2008-2308

Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information...

CVSS 4.6 | AI score 6.5 | EPSS 0.00087
Exploits: 1 | References: 7