342 matches found
jq 安全漏洞
jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier have security vulnerabilities; these vulnerabilities stem from unbounded recursion in jvobjectmergerecursive. This recursion allows malicious programs to cause program crashes with...
Linux Distros Unpatched Vulnerability : CVE-2026-40612
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jq is a command-line JSON processor. In 1.8.1 and earlier, jvcontains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input...
PT-2026-39709
Name of the Vulnerable Software and Affected Versions jq versions prior to 1.8.2 Description The jv contains function recurses into nested arrays and objects without a depth limit. When processing a sufficiently nested input structure, this can lead to C stack exhaustion, causing the application ...
OESA-2026-2230 uriparser security update
The package is a strictly RFC 3986 compliant URI parsing library written in C89"ANSI C". uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license. There are a number of applications, libraries and hardware using uriparser, as well as bindings and 3rd-party...
SUSE CVE-2026-41673
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DO...
PT-2026-39305
Name of the Vulnerable Software and Affected Versions eml parser version 3.0.0 Description A recursion denial of service exists in the get raw body text function within eml parser/parser.py. The function recurses unconditionally for every nested message/rfc822 attachment without a depth limit. An...
RLSA-2026:13917 Important: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion...
RockyLinux 9 : fence-agents (RLSA-2026:13917)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:13917 advisory. pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion CVE-2026-30922 Tenable has extracted the preceding description block directly from the...
Important: Red Hat Security Advisory: Release of components for Service Telemetry Framework 1.5.7
Release of components for the Service Telemetry Framework Service Telemetry Framework STF provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat...
pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...
pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...
pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...
AlmaLinux 10 : fence-agents (ALSA-2026:13916)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:13916 advisory. pyjwt: PyJWT accepts unknown crit header extensions RFC 7515 ?4.1.11 MUST violation CVE-2026-32597 pyasn1: pyasn1 Vulnerable to Denial of Service via...
RHEL 8 : resource-agents (RHSA-2026:13902)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:13902 advisory. The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several servic...
Important: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion...
ALSA-2026:13917 Important: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion...
GHSA-R7CG-QJJM-XHQQ webonyx/graphql-php has unbounded recursion in parser that causes stack overflow on crafted nested input
Summary GraphQL\Language\Parser is a recursive descent parser with no recursion depth limit and no zend.maxallowedstacksize interaction. Crafted nested queries trigger a SIGSEGV in the PHP runtime, killing the FPM/CLI worker process. Smallest crashing payload is approximately 74 KB. Affected...
webonyx/graphql-php has unbounded recursion in parser that causes stack overflow on crafted nested input
Summary GraphQL\Language\Parser is a recursive descent parser with no recursion depth limit and no zend.maxallowedstacksize interaction. Crafted nested queries trigger a SIGSEGV in the PHP runtime, killing the FPM/CLI worker process. Smallest crashing payload is approximately 74 KB. Affected...
DEBIAN-CVE-2026-44028
An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR Nix Archive parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite...
CVE-2026-44028
CVE-2026-44028 affects Nix and Lix: unbounded recursion in the NAR (Nix Archive) parser can cause a stack-to-heap overflow when parsing on a coroutine stack. The stack lacks a guard page, enabling a stack overflow to overwrite heap memory and potentially execute arbitrary code as the Nix daemon (...