Lucene search
K

5 matches found

OSV
OSV
added 2026/06/19 4:36 p.m.6 views

GHSA-5PRR-V3J2-97MH Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`

Summary Nokogiri::XML::NodeSet and its alias slice checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then be used at full width, reading outside the node set's storage. On CRuby this is an...

6.3CVSS5.9AI score
Exploits0References2
RubySec
RubySec
added 2026/05/20 12:0 a.m.8 views

CVE-2026-46727 - Use-after-free in pthread-based getaddrinfo timeout handler

SUMMARY A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that calls Addrinfo.getaddrinfo..., timeout: o...

8.1CVSS5.7AI score0.00478EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.6 views

EulerOS Virtualization 2.10.0 : yajl (EulerOS-SA-2026-1204)

According to the versions of the yajl package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes wi...

7.5CVSS5.9AI score0.03735EPSS
Exploits1References2
OSV
OSV
added 2017/11/03 3:29 p.m.1 views

UBUNTU-CVE-2017-16516

In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajlstringdecode function in yajlencode.c. This results in the whole ruby process terminating and potentially a denial of service...

7.5CVSS7.1AI score0.03735EPSS
Exploits1References5
RubySec
RubySec
added 2017/09/14 12:0 a.m.4 views

Buffer underrun vulnerability in Kernel.sprintf

There is a buffer underrun vulnerability in the sprintf method of Kernel module. If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or th...

9.1CVSS7.5AI score0.09718EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder