15 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: md/md-bitmap: corrected incorrect usage of sbindex The commit d7038f951828 "md-bitmap: do not use -index for pages backing the bitmap file" removed page-index from the bitmap code. However, incorrect code logic was retained fo...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: the issue with the mutex hash calculation due to hugetlb faults has been fixed. In mfillatomichugetlb, the linearpageindex function is used to calculate the page index for hugetlbfaultmutexhash. However,...
CVE-2026-8318
A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toctransformer of the file pageindex/pageindex.py of the component PDF Table of Contents Handler. The manipulation results in infinite loop. Th...
CVE-2026-8318 VectifyAI PageIndex PDF Table of Contents page_index.py toc_transformer infinite loop
A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toctransformer of the file pageindex/pageindex.py of the component PDF Table of Contents Handler. The manipulation results in infinite loop. Th...
CVE-2026-31575
A flaw was found in the Linux kernel. A mismatch in the calculation of page indexes for huge pages within the mm/userfaultfd component can lead to race conditions between threads. These race conditions can corrupt the reservation map, potentially causing a system crash and resulting in a Denial o...
DEBIAN-CVE-2026-31575
In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix hugetlb fault mutex hash calculation In mfillatomichugetlb, linearpageindex is used to calculate the page index for hugetlbfaultmutexhash. However, linearpageindex returns the index in PAGESIZE units, while...
UBUNTU-CVE-2025-71068
In the Linux kernel, the following vulnerability has been resolved: svcrdma: bound check rqpages index in inline path svcrdmacopyinlinerange indexed rqstp-rqpagesrccurpage without verifying rccurpage stays within the allocated page array. Add guards before the first use and after advancing to a n...
PT-2026-26125
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the f2fs file system related to the handling of node footers during read and write operations. Specifically, the issue arises when a corrupted nod...
EUVD-2023-60353
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pv: fix index value of replaced ASCE The index field of the struct page corresponding to a guest ASCE should be 0. When replacing the ASCE in s390replaceasce, the index of the new ASCE should also be set to 0. Having t...
CVE-2021-0942
The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression:sPA.uiAddr = pagetophyspsOSPageArrayData-pagearrayui32PageIndex;With the current PoC this crashes as an OOB read. However, given that the O...
SUSE CVE-2025-21984
In the Linux kernel, the following vulnerability has been resolved: mm: fix kernel BUG when userfaultfdmove encounters swapcache userfaultfdmove checks whether the PTE entry is present or a swap entry. - If the PTE entry is present, movepresentpte handles folio migration by setting: srcfolio-inde...
PT-2024-8489 · Mozilla · Pdf.Js
Name of the Vulnerable Software and Affected Versions: macro-pdfviewer versions prior to 2.5.6 Description: The macro-pdfviewer, a PDF Viewer Macro for XWiki using Mozilla pdf.js, has a vulnerability that allows an attacker to view any attachment using the "Delegate my view right" feature. This c...
GOsa Cross-Site Scripting Vulnerability
GOsa is a set of LDAP front-end tools for managing users. A cross-site scripting vulnerability exists in the 'displayLogin' function of the html/index.php file in GOsa. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of a username...
UBUNTU-CVE-2014-3198
The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service out-of-bounds read via unspecified...
CVE-2006-1196
Multiple cross-site scripting XSS vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the 1 from and 2 help parameters to a index.php; 3 action, 4 page, 5 debug, 6 help, 7 username, or 8 password parameters to b login.php; the 7 help parameter to c...