Lucene search
K

252 matches found

OSV
OSV
added 6 days ago2 views

UBUNTU-CVE-2026-53356

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix phys BO pread/pwrite with offset sgpage returns struct page pointer not void so the scaling of pread/pwrite is wrong for phys BO and wrong parts of BO would be accessed if non-zero offset is used. Last impacted...

5.7AI score0.00164EPSS
Exploits0References11
CVE
CVE
added 2026/06/25 8:38 a.m.10 views

CVE-2026-53185

CVE-2026-53185 concerns the Linux kernel zram subsystem. The issue is a use-after-free in zram_bvec_write_partial(), where zram_read_page() can dispatch reads asynchronously for ZRAM_WB slots and return before the backing read completes. The caller may then operate on a buffer that is freed, risk...

7.8CVSS5.8AI score0.00102EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.9 views

Oracle Linux 8 : kernel (ELSA-2026-27811)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-27811 advisory. - selinux: RHEL-only hotfix for execmem regression Ondrej Mosnacek RHEL-179435 CVE-2026-46054 - selinux: fix overlayfs mmap and mprotect access checks Ondrej...

7.1CVSS6AI score0.00118EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/23 9:24 p.m.7 views

jackson-databind's renamed @JsonIgnore'd setters can deserialize via private fields

Summary POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed rather than dropped. With MapperFeature.INFERPROPERTYMUTATORS enabled default, the private backing field is retained; during deserialization...

5.3CVSS5.9AI score0.00282EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2026/06/23 9:17 p.m.4 views

DEBIAN-CVE-2026-54516

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...

5.3CVSS5.9AI score0.00282EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 9:17 p.m.9 views

CVE-2026-54516

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...

5.3CVSS0.00282EPSS
Exploits0References5
OSV
OSV
added 2026/06/23 9:17 p.m.3 views

UBUNTU-CVE-2026-54516

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...

5.3CVSS5.9AI score0.00282EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/23 8:48 p.m.9 views

EUVD-2026-38590

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...

5.3CVSS5.9AI score0.00282EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/23 8:48 p.m.6 views

CVE-2026-54516

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...

5.3CVSS5.9AI score0.00282EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51599

Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.21.0 through 2.21.3 jackson-databind versions 3.0.0 through 3.1.3 Description An issue exists in the POJOPropertiesCollector. renameProperties function where a property with @JsonProperty"renamed" on the getter and...

5.3CVSS5.8AI score0.00282EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2026/06/22 9:59 a.m.5 views

kernel: selinux: fix overlayfs mmap() and mprotect() access checks

A flaw was found in the Linux kernel's SELinux security module when handling overlayfs. The existing security model for overlayfs does not properly enforce access controls for mmap and mprotect operations. This oversight could allow a local attacker to bypass intended security policies, potential...

7.1CVSS5.8AI score0.00118EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: NULL-check of BO’s backing stores when determining GFX12 PTE flags PRT BOs may not have any backing store; therefore, bo-tbo.resource will be NULL. Check for this before dereferencing. Selected from commit...

5.5CVSS6.1AI score0.00174EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/11 7:53 a.m.9 views

kernel: selinux: fix overlayfs mmap() and mprotect() access checks

A flaw was found in the Linux kernel's SELinux security module when handling overlayfs. The existing security model for overlayfs does not properly enforce access controls for mmap and mprotect operations. This oversight could allow a local attacker to bypass intended security policies, potential...

7.1CVSS5.4AI score0.00118EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/28 3:53 a.m.15 views

SUSE CVE-2026-46054

In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap and mprotect access checks The existing SELinux security model for overlayfs is to allow access if the current task is able to access the top level file the "user" file and the mounter's credentials ar...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References5
NVD
NVD
added 2026/05/27 2:17 p.m.15 views

CVE-2026-46054

In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap and mprotect access checks The existing SELinux security model for overlayfs is to allow access if the current task is able to access the top level file the "user" file and the mounter's credentials ar...

7.1CVSS0.00118EPSS
Exploits0References12
OSV
OSV
added 2026/05/27 2:17 p.m.8 views

UBUNTU-CVE-2026-46054

In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap and mprotect access checks The existing SELinux security model for overlayfs is to allow access if the current task is able to access the top level file the "user" file and the mounter's credentials ar...

7.1CVSS5.8AI score0.00118EPSS
Exploits0References7
CVE
CVE
added 2026/05/27 12:57 p.m.62 views

CVE-2026-46054

CVE-2026-46054 affects the Linux kernel SELinux overlayfs access checks for mmap() and mprotect(). The issue arises from insufficient enforcement of backing-file access between the user file and backing file, potentially bypassing policies. A patch introduces security_mmap_backing_file() to enfor...

7.1CVSS5.8AI score0.00118EPSS
Exploits0References12Affected Software1
Cvelist
Cvelist
added 2026/05/27 12:57 p.m.45 views

CVE-2026-46054 selinux: fix overlayfs mmap() and mprotect() access checks

In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap and mprotect access checks The existing SELinux security model for overlayfs is to allow access if the current task is able to access the top level file the "user" file and the mounter's credentials ar...

7.1CVSS0.00118EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:57 p.m.9 views

CVE-2026-46054

In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap and mprotect access checks The existing SELinux security model for overlayfs is to allow access if the current task is able to access the top level file the "user" file and the mounter's credentials ar...

7.1CVSS5.8AI score0.00118EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/05/27 12:57 p.m.13 views

EUVD-2026-32436

In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap and mprotect access checks The existing SELinux security model for overlayfs is to allow access if the current task is able to access the top level file the "user" file and the mounter's credentials ar...

5.8AI score0.00118EPSS
Exploits0References2
Rows per page
Query Builder