Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: the issue with the mutex hash calculation due to hugetlb faults has been fixed. In mfillatomichugetlb, the linearpageindex function is used to calculate the page index for hugetlbfaultmutexhash. However,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: md/md-bitmap: corrected incorrect usage of sbindex The commit d7038f951828 "md-bitmap: do not use -index for pages backing the bitmap file" removed page-index from the bitmap code. However, incorrect code logic was retained fo...

CVE-2026-8318

A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toctransformer of the file pageindex/pageindex.py of the component PDF Table of Contents Handler. The manipulation results in infinite loop. Th...

CVE-2026-8318 VectifyAI PageIndex PDF Table of Contents page_index.py toc_transformer infinite loop

A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toctransformer of the file pageindex/pageindex.py of the component PDF Table of Contents Handler. The manipulation results in infinite loop. Th...

CVE-2026-31575

A flaw was found in the Linux kernel. A mismatch in the calculation of page indexes for huge pages within the mm/userfaultfd component can lead to race conditions between threads. These race conditions can corrupt the reservation map, potentially causing a system crash and resulting in a Denial o...

DEBIAN-CVE-2026-31575

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix hugetlb fault mutex hash calculation In mfillatomichugetlb, linearpageindex is used to calculate the page index for hugetlbfaultmutexhash. However, linearpageindex returns the index in PAGESIZE units, while...

UBUNTU-CVE-2025-71068

In the Linux kernel, the following vulnerability has been resolved: svcrdma: bound check rqpages index in inline path svcrdmacopyinlinerange indexed rqstp-rqpagesrccurpage without verifying rccurpage stays within the allocated page array. Add guards before the first use and after advancing to a n...

PT-2026-26125

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the f2fs file system related to the handling of node footers during read and write operations. Specifically, the issue arises when a corrupted nod...

EUVD-2023-60353

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pv: fix index value of replaced ASCE The index field of the struct page corresponding to a guest ASCE should be 0. When replacing the ASCE in s390replaceasce, the index of the new ASCE should also be set to 0. Having t...

CVE-2021-0942

The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression:sPA.uiAddr = pagetophyspsOSPageArrayData-pagearrayui32PageIndex;With the current PoC this crashes as an OOB read. However, given that the O...

SUSE CVE-2025-21984

In the Linux kernel, the following vulnerability has been resolved: mm: fix kernel BUG when userfaultfdmove encounters swapcache userfaultfdmove checks whether the PTE entry is present or a swap entry. - If the PTE entry is present, movepresentpte handles folio migration by setting: srcfolio-inde...

PT-2024-8489 · Mozilla · Pdf.Js

Name of the Vulnerable Software and Affected Versions: macro-pdfviewer versions prior to 2.5.6 Description: The macro-pdfviewer, a PDF Viewer Macro for XWiki using Mozilla pdf.js, has a vulnerability that allows an attacker to view any attachment using the "Delegate my view right" feature. This c...

GOsa Cross-Site Scripting Vulnerability

GOsa is a set of LDAP front-end tools for managing users. A cross-site scripting vulnerability exists in the 'displayLogin' function of the html/index.php file in GOsa. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of a username...

UBUNTU-CVE-2014-3198

The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service out-of-bounds read via unspecified...

CVE-2006-1196

Multiple cross-site scripting XSS vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the 1 from and 2 help parameters to a index.php; 3 action, 4 page, 5 debug, 6 help, 7 username, or 8 password parameters to b login.php; the 7 help parameter to c...