5457 matches found
Important: Red Hat Security Advisory: gegl04 security update
An update for gegl04 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass the PolymorphicTypeValidator PTV when polymorphic typing is enabled and a type identifier contains generic parameters. By crafting a malicious type ID, an attacker can place a denied class as a generic typ...
CVE-2026-60000
A flaw was found in OpenSSH's Secure Shell Daemon sshd. This vulnerability allows a remote attacker to cause a denial of service by initiating an excessive number of authentication attempts. The issue arises from the mishandling of the MaxAuthTries setting specifically when using...
CVE-2026-60000
sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...
CVE-2026-60000
sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...
CVE-2026-52200
The Crunch CVE-2026-52200 affects Generic OEM UZ801_v2.1 4G LTE Router in firmware V3.4.3. A remote attacker can execute arbitrary code via the /ajax web management API endpoint in MifiService.apk, leading to full device compromise. The available connected records do not provide deeper root-cause...
PT-2026-56291
Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.4 Description The sshd component allows remote attackers to cause a denial of service through resource consumption. This occurs due to the mishandling of the MaxAuthTries variable during GSSAPIAuthentication, which...
CVE-2026-48953 Joomla! Core - [20260707] - XSS in the generic image output layout
Lack of escaping leads to an XSS vulnerability in the generic image output layout...
CVE-2026-48953
CVE-2026-48953 affects Joomla! Core. The issue is an XSS in the generic image output layout caused by a lack of escaping in the rendering path. Affected software is Joomla! Core (security entry notes this under 2026-07-07). The root cause is input/output escaping not being applied when generating...
PYSEC-2026-1953 TensorFlow has segmentation fault in tfg-translate
Impact Out-of-bounds access due to mismatched integer type sizes in ValueMap::Manager::GetValueOrCreatePlaceholder. Bug with tfg-translate call to InitMlir. The problem happens with generic functions, as it is already handled for non-generic functions. This is because they, unlike non-generic...
PT-2026-56226
Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description Lack of escaping in the generic image output layout leads to a Cross-Site Scripting XSS issue, where malicious scripts can be injected into web pages viewed by other users. Recommendatio...
CVE-2026-54512
A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass the PolymorphicTypeValidator PTV when polymorphic typing is enabled and a type identifier contains generic parameters. By crafting a malicious type ID, an attacker can place a denied class as a generic typ...
SUSE-SU-2026:2238-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 bsc1243603. - CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013. -...
Linux Distros Unpatched Vulnerability : CVE-2026-53307
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconfgenericparsedtpinmux assumes that the 'pinmux' property is not empty when present. This...
Missing Critical Step in Authentication
Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the JNDIRealm process when configured to authenticate binds using GSSAPI. An attacker can...
CVE-2026-53307
A flaw was found in the Linux kernel. The pinctrl: pinconf-generic subsystem does not properly validate the 'pinmux' property. An attacker could provide an empty 'pinmux' property, which would cause the system to crash due to invalid memory access. This could lead to a denial of service...
SUSE CVE-2026-53307
In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconfgenericparsedtpinmux assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value i...
Linux Distros Unpatched Vulnerability : CVE-2026-53226
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gpio: rockchip: fix generic IRQ chip leak on remove The driver allocates domain generic chips using irqallocdomaingenericchips during probe. However, on driver...
ipv6: sit: reload inner IPv6 header after GSO offloads
...
CVE-2026-53228
A flaw was found in the Linux kernel's Simple Internet Transition SIT tunnel driver for IPv6. When processing network traffic with Generic Segmentation Offload GSO enabled, the driver may use a stale pointer to the inner IPv6 header after the socket buffer skb head has been reallocated. This can...