22 matches found

Mageia
added 2026/06/10 5:7 a.m., 21 views

Updated jq packages fix security vulnerabilities

An integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. CVE-2024-23337 It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of...

8.7 CVSS, 6.9 AI score, 0.00559 EPSS
Exploits 7, References 9

OSV
added 2026/06/10 5:7 a.m., 10 views

MGASA-2026-0188 Updated jq packages fix security vulnerabilities

An integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. CVE-2024-23337 It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of...

8.7 CVSS, 6 AI score, 0.00559 EPSS
Exploits 7, References 10

OSV
added 2026/05/29 1:34 p.m., 10 views

OESA-2026-2487 jq security update

jq is a lightweight and flexible command-line JSON processor. You can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. It can mangle the data format that you have into the one that you want. Security Fixes: jq is ...

7.3 CVSS, 6 AI score, 0.00161 EPSS
Exploits 7, References 8

OSV
added 2026/05/22 1:21 p.m., 8 views

OESA-2026-2424 jq security update

jq is a lightweight and flexible command-line JSON processor. You can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. It can mangle the data format that you have into the one that you want. Security Fixes: jq is ...

7.3 CVSS, 6 AI score, 0.00161 EPSS
Exploits 7, References 8

OSV
added 2026/05/18 4:56 p.m., 7 views

CLSA-2026-1779123410 jq: Fix of 8 CVEs

CVE-2026-40164: randomize hash seed to mitigate hash collision DoS - CVE-2026-40612: limit containment check depth - CVE-2026-41256: fix NUL truncation in program files loaded with -f - CVE-2026-41257: fix signed-int overflow in stack_reallocate - CVE-2026-43894: cap numeric literal length to...

7.5 CVSS, 5.9 AI score, 0.00366 EPSS
Exploits 7, References 1

OSV
added 2026/05/16 12:20 p.m., 5 views

CLSA-2026-1778934026 Fix CVE(s): CVE-2026-42010

SECURITY UPDATE: Authentication bypass via NUL-byte truncation in RSA-PSK username lookup - debian/patches/CVE-2026-42010.patch: replace strlen(info->username) with info->username_len in _gnutls_proc_rsa_psk_client_kx in lib/auth/rsa_psk.c to prevent NUL-byte truncation allowing username matching with...

9.8 CVSS, 5.8 AI score, 0.0105 EPSS
Exploits 0, References 1

SUSE CVE
added 2026/05/13 3:37 a.m., 10 views

SUSE CVE-2026-41256

jq is a command-line JSON processor. In 1.8.1 and earlier, top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...

5.5 CVSS, 5.9 AI score, 0.00158 EPSS
Exploits 1, References 3

OSV
added 2026/05/11 6:16 p.m., 4 views

UBUNTU-CVE-2026-41256

jq is a command-line JSON processor. In 1.8.1 and earlier, top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...

5.5 CVSS, 5.9 AI score, 0.00158 EPSS
Exploits 1, References 4

CVE
added 2026/05/11 5:18 p.m., 29 views

CVE-2026-41256

The CVE affects jq up to version 1.8.1. Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before the NUL, leading to a ...

5.5 CVSS, 5.9 AI score, 0.00158 EPSS
Exploits 1, References 1, Affected Software 1

CNNVD
added 2026/05/11 12:0 a.m., 9 views

jq security vulnerability

jq is a lightweight and flexible command-line JSON processor developed by jqlang. jq versions 1.8.1 and earlier have security vulnerabilities. These vulnerabilities arise from the top-level jq program loaded via the -f parameter being truncated at the first NUL byte. This can result in the...

5.5 CVSS, 5.9 AI score, 0.00158 EPSS
Exploits 1, References 1

OSV
added 2026/04/23 7:20 p.m., 14 views

CLSA-2026-1776972009 php: Fix of 3 CVEs

CVE-2021-21707: fix NUL byte truncation in XML/DOM URI file loading - CVE-2022-31628: fix phar wrapper denial of service when loading compressed quine archives - CVE-2022-31629: discard HTTP variables that mangle into __Host- or __Secure- prefixes...

6.5 CVSS, 6.8 AI score, 0.49336 EPSS
Exploits 3, References 1

Vulnrichment
added 2026/04/13 11:51 p.m., 11 views

CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

6.3 CVSS, 6 AI score, 0.00256 EPSS
Exploits 1, References 2

CVE
added 2026/04/13 11:51 p.m., 22 views

CVE-2026-33948

CVE-2026-33948 affects jq, a command-line JSON processor. Before commit 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b, input parsing uses strlen() on data read from files or stdin, causing truncation at the first NUL byte and validating only the prefix as JSON. This enables an attacker to craft input ...

6.3 CVSS, 6 AI score, 0.00256 EPSS
Exploits 1, References 2, Affected Software 1

Packet Storm
added 2025/11/26 12:0 a.m., 194 views

7-Zip 25.00 Zip Slip Directory Traversal

7-Zip version 25.00 suffers from a symlink directory traversal vulnerability. This write up provides analysis with a proof of concept. Title : 7-Zip 25.0...

7.8 CVSS, 7 AI score, 0.27017 EPSS
Exploits11

Tenable Nessus
added 2025/08/18 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2018-6521

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might ...

9.8 CVSS, 8.1 AI score, 0.03111 EPSS
Exploits 1, References 2

NVD
added 2025/03/13 5:15 p.m., 11 views

CVE-2025-2265

The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte...

7.8 CVSS, 0.0014 EPSS
Exploits 0, References 1

SUSE CVE
added 2023/08/29 2:9 a.m., 3 views

SUSE CVE-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...

6.7 CVSS, 8.7 AI score, 0.02187 EPSS
Exploits 0, References 6

SUSE CVE
added 2023/02/15 4:1 a.m., 5 views

SUSE CVE-2020-7066

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_heade...

5.3 CVSS, 7.6 AI score, 0.02767 EPSS
Exploits 1, References 8

OSV
added 2021/11/16 5:26 p.m., 11 views

GHSA-H352-G5VW-3926 Improper Input Validation in fruity

Methods of NSString for conversion to a string may return a partial result. Since they call CStr::from_ptr on a pointer to the string buffer, the string is terminated at the first null byte, which might not be the end of the string. In addition to the vulnerable functions listed for this issue, th...

7.5 CVSS, 7.2 AI score, 0.01314 EPSS
Exploits 1, References 5

BDU FSTEC
added 2016/07/07 12:0 a.m., 4 views

The vulnerability of the PHP interpreter, which allows a remote attacker to create a file with an incorrect name

A vulnerability in the PHP interpreter’s move_uploaded_file function exists due to the truncation of the path when the character \x00 is present. As a result of exploiting this vulnerability, a malicious actor can create a file with an incorrect name, circumventing the restrictions imposed on the...

5 CVSS, 6.7 AI score, 0.08653 EPSS
Exploits 2, References 3, Affected Software 1