1159 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-27888
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005669)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005669 advisory. In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a pstore/ram: Do not...
Denial Of Service (DoS)
pypdf is vulnerable to Denial Of Service DoS. The vulnerability is due to manipulated FlateDecode XFA streams, where an attacker can craft a PDF that leads to RAM exhaustion by accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...
EUVD-2026-8791
pypdf: Manipulated FlateDecode XFA streams can exhaust RAM...
GHSA-X7HP-R3QG-R3CJ pypdf: Manipulated FlateDecode XFA streams can exhaust RAM
Impact An attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode. Patches This has been fixed in pypdf==6.7.3. Workarounds If...
DEBIAN-CVE-2026-27888
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...
UBUNTU-CVE-2026-27888
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...
CVE-2026-27888 pypdf: Manipulated FlateDecode XFA streams can exhaust RAM
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...
CVE-2026-27888 pypdf: Manipulated FlateDecode XFA streams can exhaust RAM
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...
CVE-2026-27888
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...
CVE-2026-27888
CVE-2026-27888 affects the pypdf library (Python) prior to 6.7.3. The issue arises when an attacker crafts a PDF that causes RAM exhaustion by accessing the reader/writer’s xfa property and a compressed stream using FlateDecode, leading to high availability impact. The vulnerability does not disc...
CVE-2026-27888
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...
CVE-2024-36310
Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or integrity...
CVE-2024-36355
Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 sleep wake up, potentially resulting in arbitrary code execution...
CVE-2024-36310
Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or integrity...
PT-2026-7441
Name of the Vulnerable Software and Affected Versions affected versions not specified Description A flaw exists in input validation within the System Management Mode SMM communications buffer. This could allow a user with elevated privileges to read from or write to memory outside of designated...
EUVD-2025-206781
Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory...
CVE-2025-68797 char: applicom: fix NULL pointer dereference in ac_ioctl
In the Linux kernel, the following vulnerability has been resolved: char: applicom: fix NULL pointer dereference in acioctl Discovered by Atuin - Automated Vulnerability Discovery Engine. In acioctl, the validation of IndexCard and the check for a valid RamIO pointer are skipped when cmd is 6...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: The issue of hiding VRAM sysfs attributes on GPUs without VRAM has been addressed. Otherwise, accessing these attributes can cause a crash...
MiracleLinux 9 : kernel-5.14.0-611.9.1.el9_7 (AXSA:2025-11506:95)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11506:95 advisory. kernel: firmware: armscpi: Ensure scpiinfo is not assigned if the probe fails CVE-2022-50087 kernel: sunrpc: fix client side handling of tls alerts...