Lucene search
K

1159 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/03 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-27888

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being...

8.7CVSS7.1AI score0.00348EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/03 12:0 a.m.5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005669)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005669 advisory. In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a pstore/ram: Do not...

7.8CVSS6.5AI score0.00147EPSS
Exploits0References4
Veracode
Veracode
added 2026/02/28 5:13 a.m.5 views

Denial Of Service (DoS)

pypdf is vulnerable to Denial Of Service DoS. The vulnerability is due to manipulated FlateDecode XFA streams, where an attacker can craft a PDF that leads to RAM exhaustion by accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...

8.7CVSS5.8AI score0.00348EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/02/26 7:55 p.m.6 views

EUVD-2026-8791

pypdf: Manipulated FlateDecode XFA streams can exhaust RAM...

8.7CVSS5.2AI score0.00348EPSS
Exploits1References5
OSV
OSV
added 2026/02/26 7:55 p.m.4 views

GHSA-X7HP-R3QG-R3CJ pypdf: Manipulated FlateDecode XFA streams can exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode. Patches This has been fixed in pypdf==6.7.3. Workarounds If...

8.7CVSS5.8AI score0.00348EPSS
Exploits1References6
OSV
OSV
added 2026/02/26 1:16 a.m.5 views

DEBIAN-CVE-2026-27888

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...

7.5CVSS8.1AI score0.00348EPSS
Exploits1References1
OSV
OSV
added 2026/02/26 1:16 a.m.2 views

UBUNTU-CVE-2026-27888

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...

8.7CVSS5.7AI score0.00348EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/02/26 12:42 a.m.31 views

CVE-2026-27888 pypdf: Manipulated FlateDecode XFA streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...

8.7CVSS0.00348EPSS
Exploits1References4
OSV
OSV
added 2026/02/26 12:42 a.m.8 views

CVE-2026-27888 pypdf: Manipulated FlateDecode XFA streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...

8.7CVSS5.5AI score0.00348EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/02/26 12:42 a.m.5 views

CVE-2026-27888

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...

8.7CVSS5.4AI score0.00348EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/02/26 12:42 a.m.28 views

CVE-2026-27888

CVE-2026-27888 affects the pypdf library (Python) prior to 6.7.3. The issue arises when an attacker crafts a PDF that causes RAM exhaustion by accessing the reader/writer’s xfa property and a compressed stream using FlateDecode, leading to high availability impact. The vulnerability does not disc...

8.7CVSS5.4AI score0.00348EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2026/02/26 12:42 a.m.6 views

CVE-2026-27888

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...

8.7CVSS8.1AI score0.00348EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/02/16 7:29 p.m.6 views

CVE-2024-36310

Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or integrity...

4.6CVSS5.8AI score0.00177EPSS
Exploits0References1
NVD
NVD
added 2026/02/10 8:16 p.m.9 views

CVE-2024-36355

Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 sleep wake up, potentially resulting in arbitrary code execution...

7CVSS0.00153EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/10 7:24 p.m.5 views

CVE-2024-36310

Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or integrity...

4.6CVSS5.7AI score0.00177EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.10 views

PT-2026-7441

Name of the Vulnerable Software and Affected Versions affected versions not specified Description A flaw exists in input validation within the System Management Mode SMM communications buffer. This could allow a user with elevated privileges to read from or write to memory outside of designated...

4.6CVSS5.4AI score0.00177EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/04 12:0 a.m.6 views

EUVD-2025-206781

Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory...

7.5CVSS5.5AI score0.00478EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/13 3:29 p.m.23 views

CVE-2025-68797 char: applicom: fix NULL pointer dereference in ac_ioctl

In the Linux kernel, the following vulnerability has been resolved: char: applicom: fix NULL pointer dereference in acioctl Discovered by Atuin - Automated Vulnerability Discovery Engine. In acioctl, the validation of IndexCard and the check for a valid RamIO pointer are skipped when cmd is 6...

0.00173EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.3 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: The issue of hiding VRAM sysfs attributes on GPUs without VRAM has been addressed. Otherwise, accessing these attributes can cause a crash...

5.6AI score0.00161EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.8 views

MiracleLinux 9 : kernel-5.14.0-611.9.1.el9_7 (AXSA:2025-11506:95)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11506:95 advisory. kernel: firmware: armscpi: Ensure scpiinfo is not assigned if the probe fails CVE-2022-50087 kernel: sunrpc: fix client side handling of tls alerts...

7.8CVSS7.5AI score0.00528EPSS
Exploits0References23
Rows per page
Query Builder