15 matches found
CVE-2026-49839
A flaw was found in jq, a command-line JSON processor. This vulnerability allows an attacker to trigger a heap out-of-bounds write by providing a specially crafted, oversized file to the jq --rawfile option. This can lead to a denial of service DoS, making the affected system or application...
CVE-2026-49839
jq is a command-line JSON processor. Prior to 1.8.2, jq --rawfile can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jvloadfileraw=1 reads an attacker-controlled file, it repeatedly appends file chunks to the...
CVE-2026-49839 jq --rawfile invalid-state reuse after String too long causes heap-buffer-overflow
jq is a command-line JSON processor. Prior to 1.8.2, jq --rawfile can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jvloadfileraw=1 reads an attacker-controlled file, it repeatedly appends file chunks to the...
EUVD-2026-39500
jq is a command-line JSON processor. Prior to 1.8.2, jq --rawfile can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jvloadfileraw=1 reads an attacker-controlled file, it repeatedly appends file chunks to the...
CVE-2026-49839
Summary: CVE-2026-49839 affects jq prior to 1.8.2, where in the --rawfile path an oversized string can trigger invalid-state reuse and heap-buffer-overflow writes. In detail, when jv_load_file(raw=1) reads attacker-controlled data, file chunks are appended to a single jv string accumulator; after...
CVE-2026-49839
jq is a command-line JSON processor. Prior to 1.8.2, jq --rawfile can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jvloadfileraw=1 reads an attacker-controlled file, it repeatedly appends file chunks to the...
EUVD-2025-28660
Malicious code in bioql PyPI...
CVE-2025-58061
OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that would allow non-privileged users to access sensitive data such as databases of k8s workload. The...
CVE-2025-58061
OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that would allow non-privileged users to access sensitive data such as databases of k8s workload. The...
CVE-2025-58061 OpenEBS Local PV RawFile persistent volume data is world readable
OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that would allow non-privileged users to access sensitive data such as databases of k8s workload. The...
CVE-2025-58061 OpenEBS Local PV RawFile persistent volume data is world readable
OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that would allow non-privileged users to access sensitive data such as databases of k8s workload. The...
CVE-2025-58061 OpenEBS Local PV RawFile persistent volume data is world readable
OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that would allow non-privileged users to access sensitive data such as databases of k8s workload. The...
CVE-2025-58061
OpenEBS Local PV RawFile before v0.10.0 stores persistent volume data under /var/csi/rawfile/ with world-readable permissions, enabling non-privileged users to access potentially sensitive data such as databases in Kubernetes workloads. The issue is fixed in v0.10.0. Affected product: OpenEBS Loc...
OpenEBS Local PV RawFile 信息泄露漏洞
OpenEBS Local PV RawFile is an OpenEBS open source for creating local storage in Kubernetes. An information disclosure vulnerability exists in OpenEBS Local PV RawFile versions prior to 0.10.0 that stems from persistent volume data being globally readable, which could lead to unprivileged users...
PT-2025-35146
Name of the Vulnerable Software and Affected Versions: OpenEBS versions prior to 0.10.0 Description: OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable,...