130 matches found
CVE-2026-53100
The CVE-2026-53100 entry describes a deadlock in the Linux kernel’s wifi/mt76 path when remain-on-channel is used. Specifically, mt76_remain_on_channel() and mt76_roc_complete() call mt76_set_channel() while dev->mutex is already held; since mt76_set_channel() also acquires dev->mutex, this...
GHSA-9FXM-VC8V-HJ55 jackson-databind's renamed @JsonIgnore'd setters can deserialize via private fields
Summary POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed rather than dropped. With MapperFeature.INFERPROPERTYMUTATORS enabled default, the private backing field is retained; during deserialization...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object...
jackson-databind's renamed @JsonIgnore'd setters can deserialize via private fields
Summary POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed rather than dropped. With MapperFeature.INFERPROPERTYMUTATORS enabled default, the private backing field is retained; during deserialization...
CVE-2026-54516 jackson-databind: Renamed @JsonIgnore'd setters can deserialize via private fields
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...
SUSE-SU-2026:22343-1 Security update for firewalld
This update for firewalld fixes the following issue - CVE-2026-4948: local unprivileged users can modify firewall state due to D-Bus setter mis-authorizations bsc1260903...
vm2 setup-sandbox.js violates Defense Invariant #11 in stack-trace formatter
Summary defaultSandboxPrepareStackTrace in lib/setup-sandbox.js lines 605, 607 appends to a fresh sandbox-realm lines = via lineslines.length = value. This is the exact invariant-violating pattern that GHSA-9qj6-qjgg-37qq commit ca195f0, 2026-05-01 just patched in neutralizeArraySpeciesBatch and...
GHSA-Q3FM-4WCW-G57X vm2 setup-sandbox.js violates Defense Invariant #11 in stack-trace formatter
Summary defaultSandboxPrepareStackTrace in lib/setup-sandbox.js lines 605, 607 appends to a fresh sandbox-realm lines = via lineslines.length = value. This is the exact invariant-violating pattern that GHSA-9qj6-qjgg-37qq commit ca195f0, 2026-05-01 just patched in neutralizeArraySpeciesBatch and...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the cgroup setter in schedext reading scxroot before acquiring a lock. This could lead to reusing...
PT-2026-42689
Name of the Vulnerable Software and Affected Versions js-cookie versions prior to 3.0.7 Description The internal assign function copies properties using a for...in loop and plain assignment. When a source object is created via JSON.parse, the proto member is treated as an own enumerable property...
CLSA-2026-1778891359 libpng: Fix of CVE-2026-34757
CVE-2026-34757: use-after-free in pngsetPLTE, pngsettRNS, pngsethIST, pngsettext, pngsetsPLT and pngsetunknownchunks when the caller passes the pointer returned by the corresponding getter back to the setter...
JLSEC-2026-498
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...
CVE-2026-42874 Microdot: HTTP response splitting in Response.set_cookie()
Microdot is a minimalistic Python web framework. Prior to 2.6.1, the Response.setcookie method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n sequence in them. This can be a potential source of header injection attacks. For a header injection...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : libpng vulnerabilities (USN-8251-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8251-1 advisory. It was discovered that libpng incorrectly handled memory when processing certain PNG files. If a user or automated system were tricke...
Arbitrary Code Injection
Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection despite the recently introduced neutralizeArraySpeciesBatch helper in lib/bridge.js. An attacker can execute arbitrary code ...
Arbitrary Code Injection
Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection despite the recently introduced neutralizeArraySpeciesBatch helper in lib/bridge.js. An attacker can execute...
USN-8251-1: libpng vulnerabilities
It was discovered that libpng incorrectly handled memory when processing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute...
USN-8251-1 libpng1.6 vulnerabilities
It was discovered that libpng incorrectly handled memory when processing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute...
OESA-2026-2149 libpng security update
The libpng package contains libraries used by other programs for reading and writing PNG format files. The PNG format was designed as a replacement for GIF and, to a lesser extent, TIFF, with many improvements and extensions and lack of patent problems. Security Fixes: LIBPNG is a reference libra...
Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization
...