141 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: NFSD: Fixed iasize underflow iasize is a lofft, which is a signed 64-bit type. NFSv3 and NFSv4 both define file size as an unsigned 64-bit type. Therefore, there is a range of valid file size values that an NFS client can send...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: A panic occurs when growing a memfdsecret. When attempting to grow an existing memfdsecret using ftruncate, a panic occurs 1. For example, performing the following reliably will cause the panic: c fd = memfdsecret;...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: NFSD: Fixed the handling of large file sizes in NFSv3 SETATTR/CREATE procedures. iattr::iasize is a lofft type; therefore, these NFSv3 procedures must be careful to handle incoming client size values that are larger than s64ma...
EUVD-2026-24791
In the Linux kernel, the following vulnerability has been resolved: ext4: convert inline data to extents when truncate exceeds inline size Add a check in ext4setattr to convert files from inline data storage to extent-based storage when truncate grows the file size beyond the inline capacity. Thi...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ext4setattr function. When the truncation operation exceeds the inline capacity, the inline...
Arbitrary Code Execution
Lupa is vulnerable to Arbitrary Code Execution. The vulnerability is due to inconsistent enforcement of attributefilter when attributes are accessed via built-in functions like getattr and setattr, allowing attackers to bypass restrictions and potentially achieve arbitrary code execution...
EUVD-2026-19346
Lupa has a Sandbox escape and RCE due to incomplete attributefilter enforcement in getattr / setattr...
GHSA-69V7-XPR6-6GJM Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr
Summary The attributefilter in the Lupa library is intended to restrict access to sensitive Python attributes when exposing objects to Lua. However, the filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to...
Arbitrary Code Injection
Overview lupa is a Python wrapper around Lua and LuaJIT Affected versions of this package are vulnerable to Arbitrary Code Injection incomplete enforcement of the attributefilter in the getattr and setattr built-in functions. An attacker can execute arbitrary commands in the host environment by...
Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr
Summary The attributefilter in the Lupa library is intended to restrict access to sensitive Python attributes when exposing objects to Lua. However, the filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to...
CVE-2026-34444
A flaw was found in Lupa, a tool that integrates Lua or LuaJIT2 runtimes into CPython. An attacker can exploit this vulnerability by bypassing attribute filtering mechanisms when accessing attributes through built-in functions like getattr and setattr. This inconsistency in applying security...
DEBIAN-CVE-2026-34444
Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...
CVE-2026-34444
Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...
CVE-2026-34444
CVE-2026-34444 affects Lupa (Lua/LuaJIT2 runtimes integrated into CPython). The attribute_filter is not consistently applied when attributes are accessed via built-in functions like getattr/setattr, allowing bypass of restrictions and potentially arbitrary code execution. Documented in multiple s...
CVE-2026-34444 Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr
Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...
CVE-2026-34444 Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr
Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...
CVE-2026-34444
Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...
Lupa 安全漏洞
Lupa is a bridging library developed by Scoder’s individual developers, which embeds the Lua runtime into Python. Versions of Lupa 2.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the fact that the property filter was not consistently applied in built-in...
SUSE CVE-2026-34445
Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python's setattr function to load metadata like file paths or data lengths directly from an ONNX model file. It didn't check if the...
EUVD-2026-17985
ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings...