34 matches found
PT-2026-42651
Summary: The copyProps function in lib/src/object/copy.ts uses for...in to iterate over source object properties without an Object.hasOwnProperty check, and does not filter the dangerous keys __proto__, constructor, prototype. This allows an attacker to pollute the prototype chain of all objects in the...
PT-2026-34426
In the Linux kernel, the following vulnerability has been resolved: module: Fix kernel panic when a symbol st_shndx is out of bounds. The module loader doesn't check for bounds of the ELF section index in simplify_symbols(): for (i = 1; i < symsec->sh_size / sizeof(Elf_Sym); i++) { const char *name = info->strtab +...
OESA-2026-1542 ceph security update
Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument...
rgw: RGW DoS attack with empty HTTP header in S3 object copy
A flaw was found in Ceph RGW. Using the x-amz-copy-source header to upload an empty object will cause Ceph RGW to crash, leading to availability issues...
Mageia: Security Advisory (MGASA-2025-0333)
The remote host is missing an update for the...
Updated ceph packages fix security vulnerability
RGW DoS attack with empty HTTP header in S3 object copy. CVE-2024-47866...
MGASA-2025-0333 Updated ceph packages fix security vulnerability
RGW DoS attack with empty HTTP header in S3 object copy. CVE-2024-47866...
RGW DoS attack with empty HTTP header in S3 object copy
...
CVE-2024-47866 RGW DoS attack with empty HTTP header in S3 object copy
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
CVE-2024-47866
CVE-2024-47866 affects Ceph RGW: using x-amz-copy-source with an empty string as object content can crash RGW and cause DoS in Ceph versions up to 19.2.3. Public details confirm impact is a denial of service; no patch in initial disclosure. Some connected advisories note fixes or mitigations in d...
EUVD-2022-47059
Malicious code in bioql PyPI...
EUVD-2022-36162
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-33108
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files. CVE-2022-33108 Note that Nessus relies on the...
CVE-2022-49963 drm/i915/ttm: fix CCS handling
In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: fix CCS handling. Crucible + recent Mesa seems to sometimes hit: GEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER). And it looks like we can also trigger this with gem_lmem_swapping, if we modify the test to use slightly larger obje...
CVE-2022-44108
pdftojson commit 94204bb was discovered to contain a stack overflow via the component Object::copyObject:Object.cc...
Stack Overflow
XPDF is vulnerable to a stack overflow via the Object::Copy class in object.cc files...
SUSE CVE-2022-33108
XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files...
CVE-2022-44108
pdftojson commit 94204bb was discovered to contain a stack overflow via the component Object::copyObject:Object.cc...
Stack overflow
pdftojson commit 94204bb was discovered to contain a stack overflow via the component Object::copyObject:Object.cc...
CVE-2022-44108
CVE-2022-44108 affects pdftojson commit 94204bb, which is reported to cause a stack overflow in Object::copy(Object*):Object.cc. The vulnerability is rated CRITICAL (CVSS 3.1: 9.8) with network attack vector, no user interaction, and high impact on confidentiality, integrity, and availability. Co...