140 matches found
CVE-2026-53199
A flaw was found in the Linux kernel's Hyper-V network virtual service client hvnetvsc component. This vulnerability occurs in the netvsccopytosendbuf function, where incorrect memory mapping of page buffer entries can lead to a system fault. Specifically, on 32-bit x86 systems with high memory...
CVE-2026-53199
In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: use kmaplocalpage in netvsccopytosendbuf netvsccopytosendbuf copies page buffer entries into the VMBus send buffer using phystovirt on the entry PFN. Entries for the RNDIS header and the skb linear data come from...
UBUNTU-CVE-2026-53199
In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: use kmaplocalpage in netvsccopytosendbuf netvsccopytosendbuf copies page buffer entries into the VMBus send buffer using phystovirt on the entry PFN. Entries for the RNDIS header and the skb linear data come from...
CVE-2026-53199
CVE-2026-53199 pertains to the Linux kernel hv_netvsc path, where netvsc_copy_to_send_buf previously used phys_to_virt() on page buffer PFNs and could fault when fragments referenced high mem/user pages on 32-bit x86 with HIGHMEM. The fix maps pages with kmap_local_page() and reconstructs native ...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: debugobjects: Do not wake up kswapd from fillpool. syzbot reports a lockdep warning in fillpool, because the allocation via debugobjects uses GFPATOMIC, which is GFPHIGH | GFPKSWAPDRECLAIM. This attempt to wake up kswapd resul...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: powerpc/memhotplug: Added an addpages override for PPC. With the commit ffa0b64e3be5 “powerpc: Fix virtaddrvalid for 64-bit Book3E & 32-bit”, the kernel now validates the addr against the highmemory value. This results in the...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: PowerPC: Fixed virtaddrvalid for 64-bit Book3E & 32-bit systems. MPE: On 64-bit Book3E, the vmalloc space starts at 0x8000000000000000. Due to the way pa works, pa0x8000000000000000 returns 0. Consequently,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: erofs: corrected incorrect kunmap when using LZMA on HIGHMEM platforms As shown in the call trace, the root cause is incorrect pages handled by kunmap: BUG: Kernel NULL pointer dereferencing, address: 00000000 CPU: 1 PID: 40 Comm...
Denial of Service (DoS)
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Denial of Service DoS through the handling of resource requests. An attacker can cause the application to become unresponsive by sending specially crafted requests that...
CVE-2026-43469
A flaw was found in the Linux kernel's xprtrdma component. This vulnerability occurs when the rpcrdmapostrecvs function fails to create a work request or exits prematurely, leading to the rereceiving counter not being decremented. This improper resource handling can cause the system to hang...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the UploadTraces, UploadMetrics, and uploadLogs response-handling paths in exporters/otlp/otlptrace/otlptracehttp/client.go, exporters/otlp/otlpmetric/otlpmetrichttp/client.go, and...
Denial Of Service
pypdf is vulnerable to Denial of Service. The vulnerability is due to inefficient decoding of array-based streams, where accessing an array-based stream with many entries leads to long runtimes and large memory usage, and attackers can exploit it by crafting a malicious PDF with a large array-bas...
UBUNTU-CVE-2026-33123
pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...
pypdf 安全漏洞
pypdf is an open-source, free Python library for handling PDF files. It allows for splitting, merging, cropping, and converting pages within PDF files. Versions of pypdf prior to 6.9.1 contained security vulnerabilities, which stemmed from defects in processing malicious PDFs. These vulnerabiliti...
PT-2026-22400
Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.7.4 Description The pypdf library is susceptible to a resource exhaustion issue. An attacker can create a specially crafted PDF file that causes excessive memory usage when processed using the RunLengthDecode filter...
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
Important: python-urllib3
Issue Overview: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage an...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...