49 matches found

CVE
added 4 days ago · 22 views

CVE-2026-54592

The CVE-2026-54592 vulnerability affects Oj (Optimized JSON), a Ruby gem JSON parser/marshaller. In versions prior to 3.17.3, Oj::Doc#each_child can overflow a fixed-size stack buffer when recursively traversing deeply nested JSON, causing a DoS. The issue arises from a two-step chain in ext/oj/f...

CVSS 7.5 · AI score 5.9 · EPSS 0.00263
Exploits: 0 · References: 1
Cvelist
added 4 days ago · 30 views

CVE-2026-54500 Oj: intern.c form_attr has an uninitialized stack read

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surfac...

CVSS 5.3 · EPSS 0.00197
Exploits: 0 · References: 1
Snyk
added 2026/06/19 8:47 p.m. · 4 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the bufappendstring function. An attacker can cause heap corruption and process crashes by supplying a specially crafted JSON string larger than 2 GB, which triggers an integer overflow and results in...

CVSS 8.7 · AI score 5.9 · EPSS 0.00253
Exploits: 0 · References: 2
Snyk
added 2026/06/19 8:47 p.m. · 4 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the Oj::Parser when operating in SAJ mode with object keys of 35 bytes or longer. An attacker can cause a segmentation fault by triggering garbage collection within a callback, leading to use of a freed memory pointer...

CVSS 8.7 · AI score 5.9 · EPSS 0.00253
Exploits: 0 · References: 2
Snyk
added 2026/06/19 7:36 p.m. · 5 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the parse function. An attacker can cause memory corruption by mutating the input JSON string during parsing callbacks, which leads to the parser accessing freed memory. Remediation Upgrade oj to version 3.17.3 or...

CVSS 9.1 · AI score 5.8 · EPSS 0.00117
Exploits: 0 · References: 2
Snyk
added 2026/06/19 7:36 p.m. · 5 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the fillindent function when serializing Exception objects with a large indentation value. An attacker can corrupt adjacent heap memory and potentially execute arbitrary code or cause a crash by supplying...

CVSS 8.7 · AI score 6.2 · EPSS 0.00119
Exploits: 0 · References: 2
Snyk
added 2026/06/19 7:36 p.m. · 5 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write through recursive calls to the each_child function when processing deeply nested input. An attacker can cause the process to crash and trigger a denial of service by supplying a specially crafted, deeply nested JSON...

CVSS 8.7 · AI score 5.9 · EPSS 0.00263
Exploits: 0 · References: 3
Snyk
added 2026/06/19 7:35 p.m. · 3 views

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the form_attr function when parsing a JSON object with a key of 254 bytes or longer using Oj.load in :object mode. An attacker can obtain sensitive stack memory contents by supplying a crafted JSON payloa...

CVSS 6.9 · AI score 5.9 · EPSS 0.00197
Exploits: 0 · References: 3
RedHat Linux
added 2026/06/09 1:57 p.m. · 10 views

Important: Red Hat Security Advisory: Red Hat Quay 3.17.3

Red Hat Quay 3.17.3 is now available with bug fixes. Quay 3.17.3...

CVSS 8.8 · AI score 5.4 · EPSS 0.00413
Exploits: 0 · References: 3
Patchstack
added 2025/10/18 1:07 a.m. · 13 views

WordPress GSpeech TTS – WordPress Text To Speech Plugin plugin <= 3.17.13 - Authenticated (Admin+) SQL injection vulnerability

Authenticated Admin+ SQL injection vulnerability discovered by Moose Love in WordPress Plugin GSpeech TTS versions = 3.17.3...

CVSS 4.9 · AI score 8.1 · EPSS 0.00374
Exploits: 0 · References: 1 · Affected Software: 1
Tenable Nessus
added 2025/10/07 12:00 a.m. · 8 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414605)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414605 advisory. Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service...

CVSS 5.5 · AI score 6.8 · EPSS 0.00286
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2025-10671

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.7 · EPSS 0.00407
Exploits: 0 · References: 3
Tenable Nessus
added 2025/09/02 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-32387

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parse...

CVSS 6.5 · AI score 6.8 · EPSS 0.00407
Exploits: 0 · References: 2
Tenable Nessus
added 2025/06/27 12:00 a.m. · 3 views

SUSE SLES15 Security Update : helm (SUSE-SU-2025:01596-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01596-2 advisory. helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release...

AI score 5.6
Exploits: 0 · References: 1
SUSE Linux
added 2025/06/12 2:50 p.m. · 3 views

Security update for helm

This update for helm fixes the following issues: helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release. Changelog: Unarchiving fix e4da497 Matt Farina. Patch Instructions: To install this SUSE update use the SUSE...

AI score 7.4
Exploits: 0
Positive Technologies
added 2025/06/12 12:00 a.m. · 6 views

PT-2025-26575 · Suse · Helm

This update for helm fixes the following issues: helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release. Changelog - Unarchiving fix e4da497 Matt Farina...

AI score 7.3
Exploits: 0 · References: 2
Tenable Nessus
added 2025/05/22 12:00 a.m. · 3 views

SUSE SLES15: helm / helm-bash-completion / helm-fish-completion / etc (SUSE-SU-2025:01596-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01596-1 advisory. helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to thi...

AI score 5.8
Exploits: 0 · References: 1
SUSE Linux
added 2025/05/20 7:55 a.m. · 1 view

Security update for helm

This update for helm fixes the following issues: helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release. Changelog: Unarchiving fix e4da497 Matt Farina. Patch Instructions: To install this SUSE update use the SUSE...

AI score 7.4
Exploits: 0
OSV
added 2025/05/20 7:55 a.m. · 4 views

SUSE-SU-2025:01596-1 Security update for helm

This update for helm fixes the following issues: helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release. Changelog - Unarchiving fix e4da497 Matt Farina...

AI score 7.2
Exploits: 0 · References: 1
Positive Technologies
added 2025/05/20 12:00 a.m. · 5 views

PT-2025-23276 · Suse · Helm

This update for helm fixes the following issues: helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release. Changelog - Unarchiving fix e4da497 Matt Farina...

AI score 7.3
Exploits: 0 · References: 2