Lucene search
K

945 matches found

Snyk
Snyk
added 2026/06/04 2:25 p.m.10 views

Use of Weak Hash

Overview Affected versions of this package are vulnerable to Use of Weak Hash in the mlflow.data.digestutils function. An attacker can compromise data integrity or cause unexpected behavior by exploiting the use of a weak hash algorithm during dataset digest computation. PoC python import pandas ...

3.6CVSS5.4AI score0.00103EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/06/04 1:56 p.m.15 views

libexpat: denial of service via crafted XML input

A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References5
Snyk
Snyk
added 2026/06/03 10:23 p.m.12 views

Use of Weak Hash

Overview mlrun is a Tracking and config of machine learning runs Affected versions of this package are vulnerable to Use of Weak Hash in the calculatedataframehash function. An attacker can cause hash collisions between DataFrame artifact hashes. Remediation A fix was pushed into the master branc...

3.6CVSS5.5AI score0.00075EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/03 10:53 a.m.16 views

libexpat: denial of service via crafted XML input

A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/03 10:4 a.m.12 views

libexpat: denial of service via crafted XML input

A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References5
OSV
OSV
added 2026/05/29 4:3 p.m.13 views

RLSA-2026:19151 Important: jq security update

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: out-of-bounds read in...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.10 views

RockyLinux 10 : jq (RLSA-2026:19151)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19151 advisory. jq: out-of-bounds read in jvparsesized on error formatting for non-NUL-terminated buffers CVE-2026-39979 jq: jq: Denial of Service via crafted JSON...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References5
OSV
OSV
added 2026/05/28 3:43 p.m.13 views

RLSA-2026:19365 Important: jq security update

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: out-of-bounds read in...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References3
OSV
OSV
added 2026/05/22 1:21 p.m.9 views

OESA-2026-2433 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References2
OSV
OSV
added 2026/05/22 1:21 p.m.12 views

OESA-2026-2431 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References2
OSV
OSV
added 2026/05/22 1:21 p.m.14 views

OESA-2026-2430 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References2
OSV
OSV
added 2026/05/21 10:30 a.m.18 views

CLSA-2026-1779359429 expat: Fix of CVE-2026-45186

CVE-2026-45186: fix quadratic runtime in attribute collision detection by using a hash table for default attribute names instead of an On^2 loop...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: fixed a transaction abort during file creation due to name hash collisions. If we attempt to create several files with names that result in the same hash, we must package them in the same directory item, and there is a...

5.5CVSS6.4AI score0.00163EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in gnupg2

A flaw was discovered in the way certificate signatures can be forged using collisions found in the SHA-1 algorithm. Attackers could exploit this weakness to create forged certificate signatures. This issue affects GnuPG versions prior to 2.2.18...

7.5CVSS6.1AI score0.0105EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/05/19 10:19 p.m.12 views

jq: jq: Denial of Service via crafted JSON object causing hash collisions

A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/19 7:25 p.m.18 views

CVE-2026-45186

A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/05/19 4:26 p.m.12 views

jq: jq: Denial of Service via crafted JSON object causing hash collisions

A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/19 9:16 a.m.12 views

node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the path-reservations system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially...

8.8CVSS6.2AI score0.00233EPSS
Exploits1References6
OSV
OSV
added 2026/05/19 12:0 a.m.11 views

ALSA-2026:19365 Important: jq security update

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: out-of-bounds read in...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References6
OSV
OSV
added 2026/05/19 12:0 a.m.13 views

ALSA-2026:19151 Important: jq security update

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: out-of-bounds read in...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References6
Rows per page
Query Builder