Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Axios

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Axios. CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042,...

Astra Linux - уязвимость в poppler

The JPXStream::init function in Poppler 0.78.0 and earlier does not check for negative values of stream length, which can lead to an Integer Overflow. This allows an attacker to allocate a large memory chunk on the heap, with the size controlled by them. This issue was demonstrated by pdftocairo...

SUSE CVE-2026-31747

In the Linux kernel, the following vulnerability has been resolved: comedi: me4000: Fix potential overrun of firmware buffer me4000xilinxdownload loads the firmware that was requested by requestfirmware. It is possible for it to overrun the source buffer because it blindly trusts the file format...

EUVD-2026-10924

pypdf: manipulated stream length values can exhaust RAM...

GHSA-HQMH-PPP3-XVM7 pypdf: manipulated stream length values can exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Patches This has been fixed in pypdf==6.8.0. Workarounds If you canno...

CVE-2026-31826

pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...

DEBIAN-CVE-2026-31826

pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...

CVE-2026-31826 pypdf: manipulated stream length values can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...

CVE-2026-31826

The CVE-2026-31826 vulnerability affects the pypdf library prior to 6.8.0. When parsing a content stream with a very large /Length value (independent of the data length), an attacker can trigger excessive memory usage, impacting availability. The issue is resolved in version 6.8.0. Exploit detail...

CVE-2026-31826 pypdf: manipulated stream length values can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...

EUVD-2018-17663

Malware in sbrugna...

EUVD-2010-1660

Malware in sbrugna...

EUVD-2024-40848

Malicious code in bioql PyPI...

DEBIAN-CVE-2025-37947

In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent out-of-bounds stream writes by validating pos ksmbdvfsstreamwrite did not validate whether the write offset pos was within the bounds of the existing stream data length vlen. If pos was greater than or equal to vle...

CVE-2025-37947 ksmbd: prevent out-of-bounds stream writes by validating *pos

In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent out-of-bounds stream writes by validating pos ksmbdvfsstreamwrite did not validate whether the write offset pos was within the bounds of the existing stream data length vlen. If pos was greater than or equal to vle...

CVE-2024-44070

...

openSUSE Security Advisory (SUSE-SU-2024:3108-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:3108-1 Security update for frr

This update for frr fixes the following issues: - CVE-2024-44070: Fixed missing stream length check before TLV value is taken in bgpattrencap bsc1229438...

SUSE-SU-2024:3090-1 Security update for frr

This update for frr fixes the following issues: - CVE-2024-44070: Fixed missing stream length check before TLV value is taken in bgpattrencap bsc1229438...

SUSE CVE-2024-44070

An issue was discovered in FRRouting FRR through 10.1. bgpattrencap in bgpd/bgpattr.c does not check the actual remaining stream length before taking the TLV value...