Lucene search
K

17 matches found

OSV
OSV
added 2026/07/01 12:16 a.m.3 views

UBUNTU-CVE-2026-54900

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with createid enabled, Oj::Parserparse is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer...

6.3CVSS5.7AI score0.00253EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 11:34 p.m.29 views

CVE-2026-54900

CVE-2026-54900 (Oj Gem) affects the Ruby gem Oj (Optimized JSON). In versions before 3.17.2, when running in usual mode with create_id enabled, Oj::Parser#parse is vulnerable to heap corruption via a negative-size memcpy. Specifically, if a JSON object key is exactly 65,535 bytes, an integer trun...

6.3CVSS5.7AI score0.00253EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 11:34 p.m.34 views

CVE-2026-54900 Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with createid enabled, Oj::Parserparse is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer...

6.3CVSS0.00253EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 8:47 p.m.7 views

GHSA-9CV6-QCJW-4GRX Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling

Summary Oj::Parserparse in usual mode with createid enabled is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer truncation in formattr usual.c:63 converts the length to -1 before passing it to memcpy. This causes memcpy to...

8.7CVSS5.9AI score0.00253EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:30 p.m.15 views

EUVD-2026-35477

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

5.6AI score0.00196EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/12 3:30 p.m.4 views

EUVD-2019-20147

BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Attackers can trigger a denial of service by entering a 256-byte buffer of repeated characters in the Key...

6.9CVSS6.1AI score0.00201EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/17 6:31 a.m.7 views

EUVD-2026-12534

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the uclobjectemit function when parsing and emitting the...

8.3CVSS5.8AI score0.00387EPSS
Exploits1References4
NVD
NVD
added 2026/03/17 4:16 a.m.3 views

CVE-2026-0708

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the uclobjectemit function when parsing and emitting the...

8.3CVSS0.00387EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/17 2:28 a.m.1 views

CVE-2026-0708

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the uclobjectemit function when parsing and emitting the...

8.3CVSS5.8AI score0.00387EPSS
Exploits1References4
EUVD
EUVD
added 2025/11/13 3:23 a.m.4 views

EUVD-2025-178052

Malicious code in load-integer-wind-byte-key npm...

6.6AI score
Exploits0
Packet Storm
Packet Storm
added 2025/10/20 12:0 a.m.221 views

📄 Microsoft Windows Server Update Services Remote Code Execution

This is a proof of concept exploit for Microsoft Windows Server Update Services that leverages an unsafe deserialization of untrusted data in WSUS's AuthorizationCookie handling. This file demonstrates payload generation in C. using System; using System.IO; using System.Security.Cryptography; usi...

9.8CVSS6.9AI score0.99962EPSS
Exploits24
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-7027

Malware in sbrugna...

6.4CVSS6.1AI score0.01591EPSS
Exploits1References8
CNNVD
CNNVD
added 2025/09/24 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check the size of the encryption key for incoming connections, which could lead to a bypass of the...

8.1CVSS5.9AI score0.00091EPSS
Exploits0References7
0day.today
0day.today
added 2024/02/28 12:0 a.m.354 views

Saflok - Key Derication Function Exploit

// Exploit Title: Saflok KDF // Exploit Author: a51199deefa2c2520cea24f746d899ce // Vendor Homepage: https://www.dormakaba.com/ // Version: System 6000 // Tested on: Dormakaba Saflok cards // CVE: N/A include include define MAGICTABLESIZE 192 define KEYLENGTH 6 define UIDLENGTH 4 int mainint argc...

7.4AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/09/21 3:30 p.m.5 views

Duplicate Advisory: EVE Has Partially Predetermined Vault Key

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wc42-fcjp-v8vq. This link is maintained to preserve external references. Original Description Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the...

7.8CVSS5.4AI score0.00134EPSS
Exploits0References4Affected Software1
0day.today
0day.today
added 2019/04/09 12:0 a.m.29 views

Linux/x64 - XANAX Decoder Shellcode (127 bytes)

Linux/x64 - XANAX Decoder Shellcode 127 bytes ; Date: 08/04/2019 ; XANAX Decoder ; Author: Alan Vivona ; Description: Reverts the xor-add-not-add-xor sequence using the same 4 byte key and executes the encoded payload. ; Tested on: x86-x64 GNU/Linux global start section .text keys.xor1 equ 0x29...

0.5AI score
Exploits0
myhack58
myhack58
added 2016/04/15 12:0 a.m.37 views

Petya of Salsa: a modified algorithm to bring the defect-vulnerability warning-the black bar safety net

Previously the Hubble analysis of the system describes about the modified MBR for disk encryption extortion Trojan Petya's. Recently Leo Stone gives crack Petya key full blasting code and decrypt tool, and noted that Petya author is using a variant of the Salsa20 algorithm to perform key...

7AI score
Exploits0
Rows per page
Query Builder