2668 matches found
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Release the per-CPU pgmap reference when vminsertpage fails. When vminsertpage fails in p2pmemallocmmap, p2pmemallocmmap does not invoke percpurefput to free the per-CPU reference to pgmap acquired after...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: fix OOB read in decodechoice In decodechoice, the boundary check before getlen uses the variable len, which remains 0 after initialization at the beginning of the function: unsigned int type, ext, len ...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: alpha: Fixed corruption in user-space during memory compaction. Alpha systems may experience sporadic crashes in user-space and heap corruption when memory compaction is enabled. Symptoms include SIGSEGV signals, failures by t...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: ipvlan: Made addrslock to be per-port. Made addrslock to be per-port, not per ipvlandev. The initial code seems to assume that any address changes must occur under RTNL. However, this is not the case for IPv6. Therefore: 1...
SUSE-SU-2026:2622-1 Security update for libheif
This update for libheif fixes the following issues Update to 1.23.0: - CVE-2025-68431: heap buffer over-read in HeifPixelImage: overlay via crafted HEIF that exercises the overlay image item bsc1255735. - CVE-2026-3950: manipulation of the component stsz/stts can lead to out-of-bounds read...
CVE-2026-52944
Technical details are not publicly available in the provided documents. The CVE describes a permission bypass in ksmbd/fsctl_set_sparse, but no concrete affected products/versions/fixes are included here. Monitor for updates and vendor advisories.
EUVD-2026-38734
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTLSETSPARSE FSCTLSETSPARSE in fsctlsetsparse modifies the file's sparse attribute and saves it through xattr without any permission checks. This exposes two...
PT-2026-51978
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A lock ordering problem exists in the BPF subsystem when using the task vma iterator. Holding the per-VMA lock across the BPF program body can lead to a deadlock when helpers attempt to...
PT-2026-51963
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null-pointer dereference exists in the xdp master redirect function. This occurs when the function attempts to call the master's ndo xdp get xmit slave while the master device is not u...
PT-2026-52018
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ublk component where the per-IO canceled flag may remain set if a ublk server dies after issuing some, but not all, fetch commands during device recovery. Because...
PT-2026-51970
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read occurs during the copying of elements from a BPF MAP TYPE CGROUP STORAGE map to a per-CPU pcpu map when the value size is not aligned to 8 bytes. The pcpu init valu...
PT-2026-51759
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the Linux kernel, the fsctl set sparse function fails to perform necessary permission checks when processing the FSCTL SET SPARSE operation. This allows a client on a read-only share ...
EUVD-2026-37954
phpMyFAQ: Missing userHasPermission in 4 API write endpoints CVE-2026-24421 Incomplete Fix...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the BeanDeserializerBase.createContextual method, which applies the per-property exclusions through handleByNameInclusion and then rebuilds the property m...
jackson-databind has case-insensitive deserialization bypasses per-property @JsonIgnoreProperties
Summary In BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a contextual deserializer whose BeanPropertyMap has the ignored properties removed. The subsequent per-property case-insensitivity block triggered by...
UBUNTU-CVE-2026-54515
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a...
CVE-2026-46553
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NCATTACHMENTFIELDSIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured...
EUVD-2026-38593
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray, without validating th...
CVE-2026-54515 jackson-databind: Case-insensitive deserialization bypasses per-property @JsonIgnoreProperties
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a...
CVE-2026-54319 Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.186, a sandbox volume reference volumeId, which may also be a volume name was forwarded to the runner and used to build the host bind-mount source path without confinement. A...