Lucene search
K

227 matches found

Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-55838

Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description An integer overflow occurs in the r str word get0set function within the libr/util/str.c file. This issue allows a local attacker to trigger the overflow through specific manipulation...

5.5CVSS5.9AI score0.00129EPSS
Exploits1References11
Mageia
Mageia
added 2026/06/10 5:7 a.m.27 views

Updated jq packages fix security vulnerabilities

An integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. CVE-2024-23337 It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of...

8.7CVSS6.9AI score0.00559EPSS
Exploits7References9
OSV
OSV
added 2026/06/10 5:7 a.m.12 views

MGASA-2026-0188 Updated jq packages fix security vulnerabilities

An integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. CVE-2024-23337 It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of...

8.7CVSS6AI score0.00559EPSS
Exploits7References10
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.12 views

MySQL MCP Server 注入漏洞

The MySQL MCP Server is a security connection tool developed by Dana K. Williams. It allows interaction between AI and MySQL databases. Versions of the MySQL MCP Server prior to 0.2.2 have a vulnerability due to improper handling of the parameter uristr in the readresource function of the...

6.5CVSS6.6AI score0.00205EPSS
Exploits0References2
Amazon
Amazon
added 2026/05/26 12:0 a.m.17 views

Important: openexr

Issue Overview: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in...

9.8CVSS5.8AI score0.00393EPSS
Exploits3
OSV
OSV
added 2026/05/21 5:15 a.m.8 views

USN-8202-3 jq regression

USN-8202-1 fixed vulnerabilities in jq. The update caused a regression for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An...

7.5CVSS6AI score0.00366EPSS
Exploits0References3
Debian
Debian
added 2026/05/17 3:53 p.m.29 views

[BSA-134] Security Update for jq

ChangZhuo Chen uploaded new packages for jq which fixed the following security problems: CVE-2026-32316 jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings...

8.2CVSS6.2AI score0.00559EPSS
Exploits12
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.17 views

PT-2026-40293

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb convert encoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

9.1CVSS5.9AI score0.00469EPSS
Exploits0References3
OSV
OSV
added 2026/05/08 11:35 a.m.8 views

CLSA-2026-1778174671 cyrus-sasl: Fix of CVE-2019-19906

CVE-2019-19906: fix off-by-one in sasladdstring lib/common.c that could cause denial of service or information disclosure via crafted input...

7.5CVSS7.1AI score0.08036EPSS
Exploits1References1
CloudLinux
CloudLinux
added 2026/05/08 11:35 a.m.11 views

cyrus-sasl: Fix of CVE-2019-19906

CVE-2019-19906: fix off-by-one in sasladdstring lib/common.c that could cause denial of service or information disclosure via crafted input...

7.5CVSS7.1AI score0.08036EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.8 views

Ruby net-imap < 0.4.24 / 0.5.x < 0.5.14 / 0.6.x < 0.6.4 Multiple Vulnerabilities

The version of the net-imap Ruby library installed on the remote host is prior to 0.4.24, 0.5.x prior to 0.5.14, or 0.6.x prior to 0.6.4. It is, therefore, affected by multiple vulnerabilities. - The Net::IMAP::ResponseReader component is affected by a quadratic time complexity flaw when parsing...

9.8CVSS6.1AI score0.00813EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-42216

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions...

9.1CVSS6.1AI score0.00376EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/05/01 5:25 p.m.6 views

CVE-2026-43028

A flaw was found in the Linux kernel's netfilter xtables component. This vulnerability arises from the system's failure to ensure that certain names are properly ended with a null character before being used by functions designed for standard text strings. This oversight could lead to incorrect...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2026/04/28 4:18 a.m.15 views

USN-8202-2: jq vulnerabilities

USN-8202-1 fixed vulnerabilities in jq. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute...

8.2CVSS5.9AI score0.00559EPSS
Exploits5
OSV
OSV
added 2026/04/23 7:35 a.m.7 views

USN-8202-1 jq vulnerabilities

It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS...

8.2CVSS6AI score0.00559EPSS
Exploits5References7
Ubuntu
Ubuntu
added 2026/04/23 7:35 a.m.12 views

USN-8202-1: jq vulnerabilities

It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS...

8.2CVSS5.9AI score0.00559EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.9 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: jq (UTSA-2026-014275)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014275 advisory. jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions,...

8.2CVSS6AI score0.00484EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/04/14 11:26 p.m.7 views

SUSE CVE-2026-32316

jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer...

6.8CVSS6AI score0.00484EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.7 views

jq 输入验证错误漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Versions of jq prior to 1.8.1 have a vulnerability related to input validation errors. This vulnerability stems from integer overflows in the jvpstringAppend and jvpstringCopyReplaceBad functions, which may lead to ...

8.2CVSS6.1AI score0.00484EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-32316

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad...

8.2CVSS7.4AI score0.00484EPSS
Exploits1References3
Rows per page
Query Builder