CVE-2026-41716 Spring Data web support unbounded negative-result cache keyed on attacker-supplied property names

Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests. Affected versions: Spring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11;...

SUSE CVE-2026-43245

In the Linux kernel, the following vulnerability has been resolved: ntfs: -dcompare must not block ... so don't use getname there. Switch it and ntfsdhash, while we are at it to kmallocPATHMAX, GFPNOWAIT. Yes, ntfsdhash almost certainly can do with smaller allocations, but let ntfs folks deal wit...

EUVD-2026-27806

In the Linux kernel, the following vulnerability has been resolved: ntfs: -dcompare must not block ... so don't use getname there. Switch it and ntfsdhash, while we are at it to kmallocPATHMAX, GFPNOWAIT. Yes, ntfsdhash almost certainly can do with smaller allocations, but let ntfs folks deal wit...

CVE-2026-43245

In the Linux kernel, the following vulnerability has been resolved: ntfs: -dcompare must not block ... so don't use getname there. Switch it and ntfsdhash, while we are at it to kmallocPATHMAX, GFPNOWAIT. Yes, ntfsdhash almost certainly can do with smaller allocations, but let ntfs folks deal wit...

CVE-2026-43245

In the Linux kernel, the following vulnerability has been resolved: ntfs: -dcompare must not block ... so don't use getname there. Switch it and ntfsdhash, while we are at it to kmallocPATHMAX, GFPNOWAIT. Yes, ntfsdhash almost certainly can do with smaller allocations, but let ntfs folks deal wit...

CVE-2026-43245

CVE-2026-43245 affects the Linux kernel NTFS driver. The root cause is that ntfs: ->d_compare() could block, with related memory-allocation issues in names_cachep. The authenticated fixes switch critical paths to non-blocking allocations: use kmalloc(PATH_MAX, GFP_NOWAIT) for the path/name han...

PT-2026-37585

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the NTFS driver where the d compare function improperly blocks due to the use of getname. To resolve this, the implementation was switched to use kmallocPATH MAX, GFP...

The vulnerability of the NSCCD server caching service in the GNU C Library allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the NSCCD daemon, a caching service for system names in the GNU C Library, is related to buffer overflow in the stack. Exploiting this vulnerability allows an attacker operating remotely to compromise the confidentiality, integrity, and accessibility of the protected...

security flaw

The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIGAUDITSYSCALL is enabled, uses an incorrect function to free namescache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denia...