137 matches found
MiracleLinux 9 : buildah-1.33.7-1.el9 (AXSA:2024-8134:04)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8134:04 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container,...
EUVD-2021-1020
Malware in sbrugna...
EUVD-2011-2515
Malware in sbrugna...
EUVD-2024-0879
Malicious code in bioql PyPI...
EUVD-2025-16356
Malicious code in bioql PyPI...
Fedora 42 : perl-JSON-XS (2025-53273e282c)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-53273e282c advisory. This update updates perl-JSON-XS to 4.04. This version fixes a heap overflow causing crashes, possibly information disclosure or worse (CVE-2025-40928), and causes...
Fedora 41 : perl-JSON-XS (2025-86573bd5d5)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-86573bd5d5 advisory. This update updates perl-JSON-XS to 4.04. This version fixes a heap overflow causing crashes, possibly information disclosure or worse (CVE-2025-40928), and causes...
Security Bulletin: Due to the use of Google Go, IBM Cloud Pak Sys is affected by an infinite loop when unmarshaling certain forms of invalid JSON
Summary: Vulnerability in Go used by Cloud Pak System, CVE-2024-24786. Vulnerability Details: CVEID: CVE-2024-24786. DESCRIPTION: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which...
Fedora 43 : perl-JSON-XS (2025-8b24ea25bb)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-8b24ea25bb advisory. This update updates perl-JSON-XS to 4.04. This version fixes a heap overflow causing crashes, possibly information disclosure or worse (CVE-2025-40928), and causes...
OESA-2025-1689 cri-o security update
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface. Security Fixes: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a...
CVE-2025-48942 vLLM DOS: Remotely kill vllm over http with invalid JSON schema
vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8.0 up to but excluding 0.9.0, hitting the /v1/completions API with an invalid JSON schema as a guided param kills the vLLM server. This vulnerability is similar to GHSA-9hcf-v7m4-6m2j/CVE-2025-48943, but for regex...
GHSA-6QC9-V4R8-22XG vLLM DOS: Remotely kill vllm over http with invalid JSON schema
Summary: Hitting the /v1/completions API with an invalid jsonschema as a Guided Param will kill the vllm server. Details: The following API call venv derekh@ip-172-31-15-108 $ curl -s http://localhost:8000/v1/completions -H "Content-Type: application/json" -d '"model":...
vLLM DOS: Remotely kill vllm over http with invalid JSON schema
Summary: Hitting the /v1/completions API with an invalid jsonschema as a Guided Param will kill the vllm server. Details: The following API call venv derekh@ip-172-31-15-108 $ curl -s http://localhost:8000/v1/completions -H "Content-Type: application/json" -d '"model":...
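The vLLM entries above (and the Prosody entry further down, where truncated JSON sends a decoder into an infinite loop) share one failure pattern: a client-controlled value is handed to a parser or compiler whose exception propagates out of the request handler and takes the whole process down. The block below is an added illustration of the hardened side of that pattern; it is not vLLM's code. It assumes a request body carrying hypothetical `guided_json` / `guided_regex` fields, checks each one up front, and maps every client-caused failure (truncated JSON, pathological nesting, an unparseable regex, a schema that is not even structurally a JSON Schema) to a 4xx status instead of letting it escape. The schema check is deliberately shallow: it is a pre-filter in front of whatever grammar compiler the server really uses, not a JSON Schema validator.

```python
import json
import re

MAX_BODY_BYTES = 64 * 1024          # constructed limit for this example
MAX_SCHEMA_DEPTH = 32               # constructed limit for this example
ALLOWED_JSON_TYPES = {"object", "array", "string", "number",
                      "integer", "boolean", "null"}


def check_json_schema(schema, depth=0):
    """Shallow structural sanity check for a client-supplied JSON Schema.
    Rejects the obvious cases (non-object schema, unknown 'type', absurd
    nesting) before the schema reaches a grammar compiler. Raises ValueError."""
    if depth > MAX_SCHEMA_DEPTH:
        raise ValueError("schema nested too deeply")
    if not isinstance(schema, dict):
        raise ValueError("schema must be a JSON object")
    t = schema.get("type")
    if t is not None:
        for item in (t if isinstance(t, list) else [t]):
            if item not in ALLOWED_JSON_TYPES:
                raise ValueError(f"unknown schema type {item!r}")
    props = schema.get("properties")
    if props is not None:
        if not isinstance(props, dict):
            raise ValueError("properties must be an object")
        for sub in props.values():
            check_json_schema(sub, depth + 1)
    items = schema.get("items")
    if items is not None:
        check_json_schema(items, depth + 1)


def parse_request(raw):
    """Return (status, payload). Every client-controlled failure becomes a
    4xx response; nothing here is allowed to raise into the caller."""
    if len(raw) > MAX_BODY_BYTES:
        return 413, {"error": "body too large"}
    try:
        body = json.loads(raw)
    except json.JSONDecodeError as exc:        # truncated or malformed JSON
        return 400, {"error": f"invalid JSON: {exc.msg} at byte {exc.pos}"}
    except RecursionError:                     # e.g. thousands of nested '['
        return 400, {"error": "JSON nested too deeply"}
    if not isinstance(body, dict):
        return 400, {"error": "body must be a JSON object"}

    if "guided_json" in body and "guided_regex" in body:
        return 400, {"error": "only one guided decoding parameter may be set"}

    if "guided_regex" in body:
        try:
            re.compile(body["guided_regex"])   # fails on '(' or a non-string
        except (re.error, TypeError) as exc:
            return 400, {"error": f"invalid guided_regex: {exc}"}

    if "guided_json" in body:
        schema = body["guided_json"]
        if isinstance(schema, str):            # schema may arrive as a JSON string
            try:
                schema = json.loads(schema)
            except json.JSONDecodeError as exc:
                return 400, {"error": f"guided_json is not valid JSON: {exc.msg}"}
        try:
            check_json_schema(schema)
        except ValueError as exc:
            return 400, {"error": f"invalid guided_json: {exc}"}
        body["guided_json"] = schema

    return 200, body


# Constructed sample requests, one per failure mode handled above.
SAMPLE_REQUESTS = {
    "ok":              r'{"model":"m","prompt":"hi","guided_json":"{\"type\":\"object\"}"}',
    "truncated":       r'{"model":"m","prompt":"hi"',
    "deep_nesting":    "[" * 100000,
    "bad_regex":       r'{"model":"m","prompt":"hi","guided_regex":"("}',
    "bad_schema_type": r'{"model":"m","prompt":"hi","guided_json":{"type":"objct"}}',
    "schema_not_obj":  r'{"model":"m","prompt":"hi","guided_json":5}',
    "two_guided":      r'{"model":"m","guided_json":{},"guided_regex":"a+"}',
    "oversized":       '{"prompt":"' + "A" * MAX_BODY_BYTES + '"}',
}


def triage_samples():
    """Map each sample name to the status parse_request returns for it."""
    return {name: parse_request(raw)[0] for name, raw in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, status in triage_samples().items():
        print(f"{name:16s} -> {status}")
```

The point of the pre-filter is not to be a perfect schema validator but to guarantee that the only exceptions reaching the grammar or regex backend come from inputs that have already passed basic shape checks, and that anything the backend still rejects is caught at the handler boundary rather than in a worker that has no handler to catch it.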
CVE-2021-23900
OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations...
CVE-2011-2532
The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated data...
Moderate: Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.35.0 security update & enhancements
Release of OpenShift Serverless Logic 1.35.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Security Bulletin: IBM Fusion HCI and IBM Fusion are vulnerable to a denial of service
Summary: The IBM Fusion HCI and IBM Fusion Backup and Restore services are affected by a vulnerability in the Go package protobuf. The vulnerability allows for a denial of service if processing certain forms of invalid JSON (CVE-2024-24786). Vulnerability Details: CVEID: CVE-2024-24786. DESCRIPTION:...
Important: docker
Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
OPENSUSE-SU-2024:0206-1 Security update for cockpit
This update for cockpit fixes the following issues: - new version 320: pam-ssh-add: Fix insecure killing of session ssh-agent boo1226040, CVE-2024-6126 - changes in older versions: Storage: Btrfs snapshots Podman: Add image pull action Files: Bookmark support webserver: System user changes Metric...