Lucene search
K

143 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The ATTRCTIME flags were set when setting the mtime. David reported that the new warning from setattrcopymgtime appears as follows: 113.215316 ------------ Cut here ----------- 113.215974 WARNING: CPU: 1 PID: 31 at...

5.5CVSS6.3AI score0.00203EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: NFSD: Fixed the handling of large file sizes in NFSv3 SETATTR/CREATE procedures. iattr::iasize is a lofft; therefore, these NFSv3 procedures must be careful to handle incoming client size values that are larger than s64max...

5.5CVSS6.4AI score0.00254EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: The statement “goto right label ‘outmmapsem’” in ext4setattr has been removed. Otherwise, if ext4 inodeattachjinode fails, a hung task will occur because the function filemapinvalidateunlock is not called to unlock...

5.5CVSS6.4AI score0.00165EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: fs: Fixed an issue with uninitialized values in fromkuid and fromkgid. ocfs2setattr uses attr-iamode, attr-iauid, and attr-iagid in a trace point, even though ATTRMODE, ATTRUID, and ATTRGID are not set. All fields of newattrs...

5.5CVSS6.5AI score0.00248EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: A panic occurs when growing a memfdsecret. When attempting to grow an existing memfdsecret using ftruncate, a panic occurs 1. For example, performing the following reliably will cause the panic: c fd = memfdsecret;...

5.5CVSS6.2AI score0.00243EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: NFSD: Fixed iasize underflow iaattr::iasize is a lofft, which is a signed 64-bit type. NFSv3 and NFSv4 both define file size as an unsigned 64-bit type. Therefore, there is a range of valid file size values that an NFS client...

5.5CVSS6.5AI score0.00251EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/22 3:31 p.m.6 views

EUVD-2026-24791

In the Linux kernel, the following vulnerability has been resolved: ext4: convert inline data to extents when truncate exceeds inline size Add a check in ext4setattr to convert files from inline data storage to extent-based storage when truncate grows the file size beyond the inline capacity. Thi...

5.6AI score0.00129EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ext4setattr function. When the truncation operation exceeds the inline capacity, the inline...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References1
Veracode
Veracode
added 2026/04/11 5:30 a.m.10 views

Arbitrary Code Execution

Lupa is vulnerable to Arbitrary Code Execution. The vulnerability is due to inconsistent enforcement of attributefilter when attributes are accessed via built-in functions like getattr and setattr, allowing attackers to bypass restrictions and potentially achieve arbitrary code execution...

10CVSS6.1AI score0.00613EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/07 3:48 p.m.8 views

Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr

Summary The attributefilter in the Lupa library is intended to restrict access to sensitive Python attributes when exposing objects to Lua. However, the filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to...

10CVSS6.5AI score0.00613EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/04/07 3:48 p.m.4 views

Arbitrary Code Injection

Overview lupa is a Python wrapper around Lua and LuaJIT Affected versions of this package are vulnerable to Arbitrary Code Injection incomplete enforcement of the attributefilter in the getattr and setattr built-in functions. An attacker can execute arbitrary commands in the host environment by...

10CVSS6.1AI score0.00613EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/07 3:48 p.m.3 views

EUVD-2026-19346

Lupa has a Sandbox escape and RCE due to incomplete attributefilter enforcement in getattr / setattr...

7.9CVSS5.9AI score0.00613EPSS
Exploits1References2
OSV
OSV
added 2026/04/07 3:48 p.m.7 views

GHSA-69V7-XPR6-6GJM Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr

Summary The attributefilter in the Lupa library is intended to restrict access to sensitive Python attributes when exposing objects to Lua. However, the filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to...

10CVSS6.5AI score0.00613EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/06 7:52 p.m.12 views

CVE-2026-34444

A flaw was found in Lupa, a tool that integrates Lua or LuaJIT2 runtimes into CPython. An attacker can exploit this vulnerability by bypassing attribute filtering mechanisms when accessing attributes through built-in functions like getattr and setattr. This inconsistency in applying security...

10CVSS6AI score0.00613EPSS
Exploits1References4
OSV
OSV
added 2026/04/06 4:16 p.m.7 views

DEBIAN-CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

10CVSS5.8AI score0.00613EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/04/06 4:16 p.m.3 views

CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

10CVSS6AI score0.00613EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/04/06 3:30 p.m.3 views

CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

10CVSS5.8AI score0.00613EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/04/06 3:30 p.m.4 views

CVE-2026-34444 Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

7.9CVSS6.2AI score0.00613EPSS
Exploits1References1
CVE
CVE
added 2026/04/06 3:30 p.m.20 views

CVE-2026-34444

CVE-2026-34444 affects Lupa (Lua/LuaJIT2 runtimes integrated into CPython). The attribute_filter is not consistently applied when attributes are accessed via built-in functions like getattr/setattr, allowing bypass of restrictions and potentially arbitrary code execution. Documented in multiple s...

10CVSS6.2AI score0.00613EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/04/06 3:30 p.m.29 views

CVE-2026-34444 Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

7.9CVSS0.00613EPSS
Exploits1References1
Rows per page
Query Builder