485 matches found
Incorrect Authorization
Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Incorrect Authorization due to improper authorization in the legacy license checkin process. An attacker can reclaim license seats assigned to other users or assets by...
EUVD-2026-42998
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin...
CVE-2026-55479
Snipe-IT before 8.6.2 contains a logic flaw in the legacy single-seat license checkin flow: the action is authorized with checkout permission instead of checkin permission, allowing a user who can assign licenses (but not unassign them) to access the old checkin endpoint and reclaim a license sea...
CVE-2026-55479 Snipe-IT: Incorrect permission for legacy license checkin API
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin...
CVE-2026-53334
A flaw was found in the Linux kernel's Data Access Monitor DAMON reclaim and Least Recently Used LRU sort mechanisms. This vulnerability arises from an incorrect assumption that a memory allocation will always succeed. If the allocation fails, a NULL pointer is dereferenced, which can lead to...
CVE-2026-53334
In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: handle ctx allocation failure Patch series "mm/damon/reclaim,lrusort: handle ctx allocation failures". DAMONRECLAIM and DAMONLRUSORT could dereference NULL pointers if their damonctx object allocations fail. The...
UBUNTU-CVE-2026-53334
In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: handle ctx allocation failure Patch series "mm/damon/reclaim,lrusort: handle ctx allocation failures". DAMONRECLAIM and DAMONLRUSORT could dereference NULL pointers if their damonctx object allocations fail. The...
EUVD-2026-40968
In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: handle ctx allocation failure Patch series "mm/damon/reclaim,lrusort: handle ctx allocation failures". DAMONRECLAIM and DAMONLRUSORT could dereference NULL pointers if their damonctx object allocations fail. The...
CVE-2026-53334
In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: handle ctx allocation failure Patch series "mm/damon/reclaim,lrusort: handle ctx allocation failures". DAMONRECLAIM and DAMONLRUSORT could dereference NULL pointers if their damonctx object allocations fail. The...
CVE-2026-53334 mm/damon/reclaim: handle ctx allocation failure
In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: handle ctx allocation failure Patch series "mm/damon/reclaim,lrusort: handle ctx allocation failures". DAMONRECLAIM and DAMONLRUSORT could dereference NULL pointers if their damonctx object allocations fail. The...
CVE-2026-53334
The CVE-2026-53334 entry concerns the Linux kernel’s DAMON subsystem (mm/damon/reclaim). Concrete details show that if damon_ctx allocations fail, code paths may dereference a NULL ctx pointer in the reclaim path, leading to a NULL dereference. The fix patches the init flow so that damon_reclaim_...
CVE-2026-54902
CVE-2026-54902 affects the Ruby gem Oj (Optimized JSON). In SAJ mode prior to 3.17.2, the parser’s key caching can be GC’d while the C parser still references it, causing a Use-After-Free and a segfault when a freed VALUE is accessed. The issue is fixed in version 3.17.2. Exploitation details are...
SUSE-SU-2026:22433-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs bsc1266290. - CVE-2025-38549: efivarfs: Fix memory leak of efivarfsfsinfo in...
CVE-2026-53087
In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix leaking freebds While reclaiming the tx queue we fast forward the write pointer to drop any data in flight. These dropped frames are not added back to the pool of free bds. We also need to tell the netdev that ...
EUVD-2026-38955
In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix leaking freebds While reclaiming the tx queue we fast forward the write pointer to drop any data in flight. These dropped frames are not added back to the pool of free bds. We also need to tell the netdev that ...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: gfs2: Prevent recursive memory reclamation The new inode function returns a new inode with inode-imapping-gfpmask set to GFPHIGHUSERMOVABLE. This value includes the GFPFS flag, allowing allocations in that address space to...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: NFS: Fixed a deadlock involving nfsreleasefolio Wang Zhaolong reported a deadlock involving NFSv4.1 state recovery, waiting on kthreadd, which attempts to reclaim memory by calling nfsreleasefolio. The latter cannot proceed due t...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fixed the WQMEMRECLAIM warning When sunrpc is used, if a reset occurs, our workqueue may result in the following call trace: workqueue: WQMEMRECLAIM xprtiod: xprtrdmaconnectworker rpcrdma is being flushed! WQMEMRECLAIM...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: mm: slub: Fix the invocation of flushcpuslab and freeslab in the task context. The commit 5a836bf6b09f “mm: slub: Move the invocation of flushcpuslab and freeslab out of the IRQ context” fixes this issue by moving all invocations...
SUSE CVE-2026-46256
In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfswritepages LOCALIO is an NFS loopback mount optimization that avoids using the network for READ, WRITE and COMMIT if the NFS client and server are determined to be on...