Lucene search
K

1163 matches found

Cvelist
Cvelist
added 2026/04/22 9:2 p.m.27 views

CVE-2026-41312 pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using /FlateDecode with a /Predictor unequal 1 and large predictor...

4.8CVSS0.00226EPSS
Exploits0References4
CVE
CVE
added 2026/04/22 9:2 p.m.50 views

CVE-2026-41312

CVE-2026-41312 affects the pypdf Python library. Versions prior to 6.10.2 are vulnerable where an attacker can craft a PDF containing a /FlateDecode stream with a /Predictor not equal to 1 and large predictor parameters, causing RAM exhaustion (local access; potential DoS). Affects pypdf’s handli...

6.5CVSS5.6AI score0.00226EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/04/22 9:2 p.m.7 views

CVE-2026-41312

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using /FlateDecode with a /Predictor unequal 1 and large predictor...

6.5CVSS5.3AI score0.00226EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/22 6:7 p.m.6 views

CVE-2026-31465

A flaw was found in the Linux kernel. This vulnerability occurs in the writeback mechanism, specifically when handling filesystems that do not guarantee data persistence on synchronization sync operations, such as fuse and fuse-overlayfs. Under certain conditions, like during a suspend-to-RAM eve...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/22 3:31 p.m.9 views

EUVD-2026-24809

In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for filesystems with no data integrity guarantees Add a SBINODATAINTEGRITY superblock flag for filesystems that cannot guarantee data persistence on sync eg fuse. For superblocks with this flag set, sy...

5.4AI score0.00121EPSS
Exploits0References4
NVD
NVD
added 2026/04/22 2:16 p.m.4 views

CVE-2026-31467

In the Linux kernel, the following vulnerability has been resolved: erofs: add GFPNOIO in the bio completion if needed The bio completion path in the process context e.g. dm-verity will directly call into decompression rather than trigger another workqueue context for minimal scheduling latencies...

7.5CVSS0.00378EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/22 1:53 p.m.29 views

CVE-2026-31467 erofs: add GFP_NOIO in the bio completion if needed

In the Linux kernel, the following vulnerability has been resolved: erofs: add GFPNOIO in the bio completion if needed The bio completion path in the process context e.g. dm-verity will directly call into decompression rather than trigger another workqueue context for minimal scheduling latencies...

7.5CVSS0.00378EPSS
Exploits0References7
CVE
CVE
added 2026/04/22 1:53 p.m.13 views

CVE-2026-31465

CVE-2026-31465 in the Linux kernel concerns the writeback path for filesystems without data integrity guarantees (e.g., fuse). The fix adds a SB_I_NO_DATA_INTEGRITY superblock flag; when set, sync kicks off writeback of dirty inodes but does not wait for flusher threads to finish. The change move...

5.5CVSS5.4AI score0.00121EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34370

In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for filesystems with no data integrity guarantees Add a SB I NO DATA INTEGRITY superblock flag for filesystems that cannot guarantee data persistence on sync eg fuse. For superblocks with this flag set...

5.4AI score0.00121EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of GFP-Kernel in vmmap Ram. This vulnerability may cause swap I/O to be triggered during...

7.5CVSS5.8AI score0.00378EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013158)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013158 advisory. In the Linux kernel, the following vulnerability has been resolved: pstore: Avoid kcore oops by vmaping with VMIOREMAP An oops can be induced by running 'cat...

5.6AI score0.00195EPSS
Exploits0References4
OSV
OSV
added 2026/04/16 9:30 p.m.3 views

GHSA-X284-J5P8-9C5P pypdf: Manipulated FlateDecode image dimensions can exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using /FlateDecode with large size values. Patches This has been fixed in pypdf==6.10.2. Workarounds If you cannot upgrade yet, consider applying the changes fro...

6.8CVSS5.7AI score0.00226EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/16 9:30 p.m.8 views

pypdf: Manipulated FlateDecode image dimensions can exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using /FlateDecode with large size values. Patches This has been fixed in pypdf==6.10.2. Workarounds If you cannot upgrade yet, consider applying the changes fro...

6.5CVSS5.7AI score0.00226EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 9:30 p.m.12 views

pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using /FlateDecode with a /Predictor unequal 1 and large predictor parameters. Patches This has been fixed in pypdf==6.10.2. Workarounds If you cannot...

6.5CVSS5.7AI score0.00226EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.5 views

PT-2026-34565

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.10.2 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF that leads to RAM exhaustion. This occurs when accessing a stream compressed using '/FlateDecode' with a /Predictor unequal to 1...

6.5CVSS5.1AI score0.00226EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.6 views

PT-2026-34567

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.10.2 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF that leads to RAM exhaustion. This occurs when accessing an image using the '/FlateDecode' filter with large size values...

6.5CVSS5.2AI score0.00226EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.3 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006733)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006733 advisory. In the Linux kernel, the following vulnerability has been resolved: ARM: tegra: Use I/O memcpy to write to IRAM Kasan crashes the kernel trying to check boundaries...

5.5CVSS5.8AI score0.00148EPSS
Exploits0References4
NVD
NVD
added 2026/03/25 11:16 a.m.6 views

CVE-2026-23352

In the Linux kernel, the following vulnerability has been resolved: x86/efi: defer freeing of boot services memory efifreebootservices frees memory occupied by EFIBOOTSERVICESCODE and EFIBOOTSERVICESDATA using memblockfreelate. There are two issue with that: memblockfreelate should be used for...

5.5CVSS0.00125EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005665)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005665 advisory. In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a pstore/ram: Do not...

7.8CVSS5.9AI score0.00147EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005471)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005471 advisory. In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a pstore/ram: Do not...

7.8CVSS5.9AI score0.00147EPSS
Exploits0References4
Rows per page
Query Builder