
8 matches found

Ubuntu
added 2026/05/21 5:15 a.m. | 14 views

USN-8202-3: jq regression

USN-8202-1 fixed vulnerabilities in jq. The update caused a regression for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An...

CVSS 7.5 | AI score 6 | EPSS 0.00366
Exploits: 0 | References: 1
Tenable Nessus
added 2026/04/21 12:0 a.m. | 3 views

Photon OS 5.0: Jq PHSA-2026-5.0-0827

An update of the jq package has been released. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0827. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(307869)...

CVSS 8.2 | AI score 6.6 | EPSS 0.00559
Exploits: 6 | References: 8
Tenable Nessus
added 2026/04/19 12:0 a.m. | 6 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-33947)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-33947 advisory. - jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath,...

CVSS 6.2 | AI score 5.9 | EPSS 0.00234
Exploits: 1 | References: 1
RedhatCVE
added 2026/04/14 1:54 p.m. | 3 views

CVE-2026-33947

A flaw was found in jq, a command line JSON processor. Processing a crafted JSON document, specifically when a large array is used as a path argument to the jv_setpath, jv_getpath and delpaths_sorted functions can lead to an uncontrolled recursion and exhausts the call stack, causing an application...

CVSS 6.2 | AI score 5.8 | EPSS 0.00234
Exploits: 1 | References: 5
Circl
added 2026/04/14 1:12 a.m. | 4 views

CVE-2026-33947

creation_timestamp | type | source
---|---|---
2026-04-14 01:12:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjg77wiex52z
2026-06-22 11:20:03+00:00 | seen | https://bsky.app/profile/canartuc.com/post/3mourdgqfqt2u...

CVSS 6.2 | AI score 5.8 | EPSS 0.00234
Exploits: 1 | References: 2
Tenable Nessus
added 2026/04/14 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-33947

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath, jv_getpath, and delpaths_sorted in jq's src/jv_aux.c use unbounded recursion...

CVSS 6.2 | AI score 6.6 | EPSS 0.00234
Exploits: 1 | References: 2
CVE
added 2026/04/13 9:50 p.m. | 31 views

CVE-2026-33947

Vulnerability summary (CVE-2026-33947) : In jq ≤ 1.8.1, functions jv_setpath(), jv_getpath(), and delpaths_sorted() in src/jv_aux.c perform unbounded recursion whose depth is driven by a caller-supplied path array. A crafted JSON input (flat array ~65,000 integers, ~200 KB) used as a path argumen...

CVSS 6.2 | AI score 5.9 | EPSS 0.00234
Exploits: 1 | References: 3 | Affected Software: 1
AlpineLinux
added 2026/04/13 9:50 p.m. | 3 views

CVE-2026-33947

jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath, jv_getpath, and delpaths_sorted in jq's src/jv_aux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...

CVSS 6.2 | AI score 5.8 | EPSS 0.00234
Exploits: 1 | References: 3