GHSA-VR63-X8VC-M265 pypdf possibly loops infinitely when reading DCT inline images without EOF marker
Impact: An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. Patches: This has been fixed in pypdf==6.1.3. Workarounds: If you cannot upgrade yet, consider...
EUVD-2022-54801
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on inline_dots inode As Wenqing reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215765 It will cause a kernel panic with steps: - mkdir mnt - mount tmp40.img mnt - ls mnt...
DEBIAN-CVE-2023-53692
In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline Syzbot found the following issue: loop0: detected capacity change from 0 to 2048 EXT4-fs loop0: mounted filesystem 00000000-0000-0000-0000-000000000000 without...
CVE-2023-53692
In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline Syzbot found the following issue: loop0: detected capacity change from 0 to 2048 EXT4-fs loop0: mounted filesystem 00000000-0000-0000-0000-000000000000 without...
UBUNTU-CVE-2023-53692
In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline Syzbot found the following issue: loop0: detected capacity change from 0 to 2048 EXT4-fs loop0: mounted filesystem 00000000-0000-0000-0000-000000000000 without...
CVE-2023-53692 ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline
In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline Syzbot found the following issue: loop0: detected capacity change from 0 to 2048 EXT4-fs loop0: mounted filesystem 00000000-0000-0000-0000-000000000000 without...
CVE-2023-53692
Detected CVE-2023-53692 affecting Linux kernel ext4 when bigalloc and inline data are enabled. Root cause: use-after-free in ext4_find_extent triggered during inline data conversion to extents or block mapping, leading to UAF in ext4_ext_binsearch_idx/ext4_find_extent paths. The description notes...
CVE-2023-53692 ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline
In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline Syzbot found the following issue: loop0: detected capacity change from 0 to 2048 EXT4-fs loop0: mounted filesystem 00000000-0000-0000-0000-000000000000 without...
pypdf security vulnerability
pypdf is a free, open-source, pure-Python PDF library from py-pdf that can split, merge, crop and convert the pages of a PDF file. A security vulnerability exists in pypdf versions prior to 6.1.3, which stems from parsing a stream of inline image page content using the DCTDecode filter,...
PT-2025-43413
Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.1.3. Description: A crafted PDF file can cause an infinite loop when parsed, specifically when processing the content stream of a page containing an inline image utilizing the DCTDecode filter. This issue requires parsi...
EUVD-2022-54868
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check for inline inode Yanming reported a kernel bug in Bugzilla kernel 1, which can be reproduced. The bug message is: The kernel message is shown below: kernel BUG at fs/inode.c:611! Call Trace:...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987709)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987709 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix race condition between ext4_write and ext4_convert_inline_data Hulk Robot reported a BUG_ON:...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987545)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987545 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after conversion from inline format Commit 6dbf7bb55598 fs: Don't...
CVE-2025-62506
MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performin...
minio -- Privilege Escalation via Session Policy Bypass in Service Accounts and STS
MinIO reports: A privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performing "own" account operations, specifically when creating new service accounts for the same use...
GHSA-JJJJ-JWHF-8RGR MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS
Summary: A privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performing "own" account operations, specifically when creating new service accounts for the same user...
MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS
Summary: A privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performing "own" account operations, specifically when creating new service accounts for the same user...
CVE-2025-62506
MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performin...
CVE-2025-62506
MinIO CVE-2025-62506 is a privilege-escalation issue in which a restricted service/STS account can create a new service account for itself due to a DenyOnly short-circuit in session-policy validation. Affected versions are prior to RELEASE.2025-10-15T17-29-55Z; the attacker may gain parent-level ...
CVE-2025-62506 MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS
MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performin...