1719 matches found
Incorrect Privilege Assignment
Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the runsc process, which has "root-like" permissions. An attacker can expose files on the underlying filesystem by escalating privileges before a project is forked. Remediation Upgrade...
SUSE CVE-2022-49744
In the Linux kernel, the following vulnerability has been resolved: mm/uffd: fix pte marker when fork without fork event Patch series "mm: Fixes on pte markers". Patch 1 resolves the syzkiller report from Pengfei. Patch 2 further harden pte markers when used with the recent swapin error markers...
SUSE CVE-2023-52940
In the Linux kernel, the following vulnerability has been resolved: mm: multi-gen LRU: fix crash during cgroup migration lru_gen_migrate_mm assumes lru_gen_add_mm runs prior to itself. This isn't true for the following scenario: CPU 1 CPU 2 clone cgroup_can_fork cgroup_procs_write cgroup_post_fork task_lock...
PT-2025-13547
Name of the Vulnerable Software and Affected Versions: Google gVisor affected versions not specified Description: The issue is related to a local privilege escalation due to incorrect handling of file access permissions in Google gVisor's runsc component. This allowed unprivileged users to access...
CVE-2025-2888
During a snapshot rollback, the client incorrectly caches the timestamp metadata. If the client checks the cache when attempting to perform the next update, the update timestamp validation will fail, preventing the next update until the cache is cleared. Users should upgrade to tough version 0.20...
CVE-2022-49744
In the Linux kernel, the following vulnerability has been resolved: mm/uffd: fix pte marker when fork without fork event Patch series "mm: Fixes on pte markers". Patch 1 resolves the syzkiller report from Pengfei. Patch 2 further harden pte markers when used with the recent swapin error markers...
DEBIAN-CVE-2022-49744
In the Linux kernel, the following vulnerability has been resolved: mm/uffd: fix pte marker when fork without fork event Patch series "mm: Fixes on pte markers". Patch 1 resolves the syzkiller report from Pengfei. Patch 2 further harden pte markers when used with the recent swapin error markers...
UBUNTU-CVE-2022-49744
In the Linux kernel, the following vulnerability has been resolved: mm/uffd: fix pte marker when fork without fork event Patch series "mm: Fixes on pte markers". Patch 1 resolves the syzkiller report from Pengfei. Patch 2 further harden pte markers when used with the recent swapin error markers...
CVE-2022-49744 mm/uffd: fix pte marker when fork() without fork event
In the Linux kernel, the following vulnerability has been resolved: mm/uffd: fix pte marker when fork without fork event Patch series "mm: Fixes on pte markers". Patch 1 resolves the syzkiller report from Pengfei. Patch 2 further harden pte markers when used with the recent swapin error markers...
CVE-2022-49744
The CVE-2022-49744 entry concerns a Linux kernel mm/uffd issue: when forking, the dst_vma may not inherit VM_UFFD_WP even if the src has it, leading to a stale pte marker and potential access to a corrupted page. The fix is a two‑patch series under “mm: Fixes on pte markers” that hardens pte mark...
PT-2025-13286 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the handling of pte markers when the fork function is called without a fork event. The issue was addressed through a...
PT-2025-16730
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0-rc5+ Description A vulnerability in the Linux kernel has been resolved, related to the handling of VM_PAT when fork fails in copy_page_range. If track_pfn_copy fails, the dst VMA is added to the maple tree...
aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +107 more potentially affected by CVE-2025-26699 via django (>=4.2.0 <=4.2.2)
django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.4.3 and more Source cves: CVE-2025-26699 Source advisory: OSV:PYSEC-2025-13...
Linux Distros Unpatched Vulnerability : CVE-2024-50220
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fork: do not invoke uffd on fork if error occurs Patch series fork: do not expose incomplete...
MAL-2025-1623 Malicious code in react-content-loader-fork (npm)
Source: ghsa-malware 29f4fac1cd9b3669fd66345e097ee2be915ef08de77e2fe1a0473640df479d33 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2022-48921
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweight_entity Syzbot found a GPF in reweight_entity. This has been bisected to commit 4ef0c5c6b5ba "kernel/sched: Fix sched_fork access an invalid sched_task_group" There is a race between sched_post_fork and...
CVE-2025-26511 Cassandra-Lucene-Index allows bypass of Cassandra RBAC
Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited could allow...
CVE-2024-10383 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab VSCode Fork
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6,...