Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Binder: A check for offset alignment was added in bindergetobject. The commit 6d98eb95b450 “Binder: avoid potential data leakage when copying txn” introduced changes to the way binder objects are copied. As a result, an offset...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Avoid using a null object of the framebuffer. Instead of directly using state-fb-obj0, obtain the object from the framebuffer by calling drmgemfbgetobj. Return an error code when the object is null to avoid using a nu...

OESA-2026-2242 apache-mina security update

Apache MINA is a network application framework which helps users develop high performance and high scalability network applications easily. It provides an abstract event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java NIO. Security Fixes: The fix for...

CVE-2026-42779

CVE-2026-42779 affects Apache MINA’s AbstractIoBuffer.resolveClass(), where one branch bypasses the classname allowlist and permits arbitrary class loading, enabling potential remote code execution via IoBuffer.getObject(). Affected are MINA 2.1.0–2.1.11 and 2.2.0–2.2.6. The issue is fixed by int...

PT-2026-35373

Name of the Vulnerable Software and Affected Versions Apache MINA versions 2.0.0 through 2.0.27 Apache MINA versions 2.1.0 through 2.1.10 Apache MINA versions 2.2.0 through 2.2.5 Description A flaw in the resolveClass function of AbstractIoBuffer allows a bypass of the classname allowlist for...

PT-2026-35387

Name of the Vulnerable Software and Affected Versions Apache MINA versions 2.0.0 through 2.0.27 Apache MINA versions 2.1.0 through 2.1.10 Apache MINA versions 2.2.0 through 2.2.5 Description An incomplete fix in the getObject function of the AbstractIoBuffer class allows for improper...

PT-2026-32435

MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function...

CVE-2026-39414

MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit function...

PT-2026-31438

Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2018-08-18T03-49-57Z through RELEASE.2025-12-20T04-58-37Z Description MinIO's S3 Select feature is susceptible to memory exhaustion when handling CSV files with lines exceeding available memory. The nextSplit function...

kernel: drm/amdgpu: avoid using null object of framebuffer

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid using null object of framebuffer Instead of using state-fb-obj0 directly, get object from framebuffer by calling drmgemfbgetobj and return error code when object is null to avoid using null object of framebuffer...

kernel: drm/amdgpu: avoid using null object of framebuffer

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid using null object of framebuffer Instead of using state-fb-obj0 directly, get object from framebuffer by calling drmgemfbgetobj and return error code when object is null to avoid using null object of framebuffer...

kernel: drm/amdgpu: avoid using null object of framebuffer

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid using null object of framebuffer Instead of using state-fb-obj0 directly, get object from framebuffer by calling drmgemfbgetobj and return error code when object is null to avoid using null object of framebuffer...

UBUNTU-CVE-2024-46694

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid using null object of framebuffer Instead of using state-fb-obj0 directly, get object from framebuffer by calling drmgemfbgetobj and return error code when object is null to avoid using null object of...

AZL-47519 CVE-2024-41093 affecting package kernel for versions less than 6.6.43.1-7

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid using null object of framebuffer Instead of using state-fb-obj0 directly, get object from framebuffer by calling drmgemfbgetobj and return error code when object is null to avoid using null object of framebuffer...

SUSE CVE-2024-26926

In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in bindergetobject Commit 6d98eb95b450 "binder: avoid potential data leakage when copying txn" introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset...

DEBIAN-CVE-2024-26926

In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in bindergetobject Commit 6d98eb95b450 "binder: avoid potential data leakage when copying txn" introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset...

Modesty Pdf2json 代码问题漏洞

PDF2JSON is a Java-based code library that allows PDF files to interact with Json files. PDF2JSON has a code problem vulnerability that stems from the discovery that pdf2json v0.71 contains a null pointer dereference in the component ObjectStream::getObject. No detailed vulnerability details are...

pdf2xml 缓冲区错误漏洞

pdftoxml is an open source PDF to XML converter. pdftoxml version 2.0 has a stack buffer overflow vulnerability in the getObjectStream component. No detailed vulnerability details are available at this time...

ceph: header-splitting in RGW GetObject has a possible XSS

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input...

UBUNTU-CVE-2018-20751

An issue was discovered in croppage in PoDoFo 0.9.6. For a crafted PDF document, pPage-GetObject-GetDictionary.AddKeyPdfName"MediaBox",var can be problematic due to the function GetObject being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL...