34 matches found
PT-2026-42651
Summary: The copyProps function in lib/src/object/copy.ts uses for...in to iterate over source object properties without an Object.hasOwnProperty check, and does not filter the dangerous keys __proto__, constructor, and prototype. This allows an attacker to pollute the prototype chain of all objects in the...
PT-2026-34426
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The module loader fails to verify the bounds of the ELF section index within the simplify_symbols function. A symbol containing an out-of-bounds st_shndx value, such as those defined as...
OESA-2026-1542 ceph security update
Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument...
rgw: RGW DoS attack with empty HTTP header in S3 object copy
A flaw was found in Ceph RGW. Using the x-amz-copy-source header to upload an empty object will cause Ceph RGW to crash, leading to availability issues...
Mageia: Security Advisory (MGASA-2025-0333)
The remote host is missing an update for the...
Updated ceph packages fix security vulnerability
RGW DoS attack with empty HTTP header in S3 object copy. CVE-2024-47866...
MGASA-2025-0333 Updated ceph packages fix security vulnerability
RGW DoS attack with empty HTTP header in S3 object copy. CVE-2024-47866...
RGW DoS attack with empty HTTP header in S3 object copy
...
CVE-2024-47866 RGW DoS attack with empty HTTP header in S3 object copy
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
CVE-2024-47866
CVE-2024-47866 affects Ceph RGW: using x-amz-copy-source with an empty string as object content can crash RGW and cause DoS in Ceph versions up to 19.2.3. Public details confirm impact is a denial of service; no patch in initial disclosure. Some connected advisories note fixes or mitigations in d...
EUVD-2022-47059
Malicious code in bioql PyPI...
EUVD-2022-36162
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-33108
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files. CVE-2022-33108 Note that Nessus relies on the...
CVE-2022-49963 drm/i915/ttm: fix CCS handling
In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: fix CCS handling. Crucible + recent Mesa seems to sometimes hit: GEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER) And it looks like we can also trigger this with gem_lmem_swapping, if we modify the test to use slightly larger obje...
CVE-2022-44108
pdftojson commit 94204bb was discovered to contain a stack overflow via the component Object::copy(Object*):Object.cc...
Stack Overflow
XPDF is vulnerable to a stack overflow via the Object::Copy class in object.cc files...
SUSE CVE-2022-33108
XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files...
CVE-2022-44108
pdftojson commit 94204bb was discovered to contain a stack overflow via the component Object::copy(Object*):Object.cc...
Stack overflow
pdftojson commit 94204bb was discovered to contain a stack overflow via the component Object::copy(Object*):Object.cc...
CVE-2022-44108
CVE-2022-44108 affects pdftojson commit 94204bb, which is reported to cause a stack overflow in Object::copy(Object*):Object.cc. The vulnerability is rated CRITICAL (CVSS 3.1: 9.8) with network attack vector, no user interaction, and high impact on confidentiality, integrity, and availability. Co...