Lucene search
K

355 matches found

UbuntuCve
UbuntuCve
added 2026/04/14 12:16 a.m.6 views

CVE-2026-33948

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

6.3CVSS6AI score0.00256EPSS
Exploits1References5
Packet Storm News
Packet Storm News
added 2026/04/14 12:0 a.m.6 views

Evaluating Differential Privacy against Membership Inference in Federated Learning: Insights from the NIST Genomics Red Team Challenge

While Federated Learning FL mitigates direct data exposure, the resulting trained models remain susceptible to membership inference attacks MIAs. This paper presents an empirical evaluation of Differential Privacy DP as a defense mechanism against MIAs in FL, leveraging the environment of the 202...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/04/13 11:51 p.m.35 views

CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

6.3CVSS0.00256EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/04/13 11:51 p.m.4 views

CVE-2026-33948

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

6.3CVSS5.6AI score0.00256EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/04/13 11:51 p.m.3 views

CVE-2026-33948

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

6.3CVSS5.9AI score0.00256EPSS
Exploits1References2
CVE
CVE
added 2026/04/13 11:51 p.m.24 views

CVE-2026-33948

CVE-2026-33948 affects jq, a command-line JSON processor. Before commit 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b, input parsing uses strlen() on data read from files or stdin, causing truncation at the first NUL byte and validating only the prefix as JSON. This enables an attacker to craft input ...

6.3CVSS6AI score0.00256EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/13 11:51 p.m.12 views

CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

6.3CVSS6AI score0.00256EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2026/04/10 8:2 a.m.4 views

apparmor: fix differential encoding verification

...

7.1CVSS5.8AI score0.00177EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/06 12:0 a.m.5 views

Digital Privacy in IoT: Exploring Challenges, Approaches and Open Issues

Privacy has always been a critical issue in the digital era, particularly with the increasing use of Internet of Things IoT devices. As the IoT continues to transform industries such as healthcare, smart cities, and home automation, it has also introduced serious challenges regarding the security...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/03 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23409

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be...

5.5CVSS6.2AI score0.00177EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/04/02 8:39 a.m.7 views

SUSE CVE-2026-23406

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in matchchar macro usage The matchchar macro evaluates its character parameter multiple times when traversing differential encoding chains. When invoked with str++, the string pointer advances on eac...

6.1CVSS5.8AI score0.00177EPSS
Exploits0References21
SUSE CVE
SUSE CVE
added 2026/04/02 8:39 a.m.9 views

SUSE CVE-2026-23407

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix missing bounds check on DEFAULT table in verifydfa The verifydfa function only checks DEFAULTTABLE bounds when the state is not differentially encoded. When the verification loop traverses the differential encoding...

6.1CVSS5.7AI score0.00181EPSS
Exploits0References22
SUSE CVE
SUSE CVE
added 2026/04/02 8:39 a.m.9 views

SUSE CVE-2026-23409

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is abused. To prevent this the unpack should verify that a diff-encode chain terminates. Unfortunately the differential encod...

6.3CVSS5.7AI score0.00177EPSS
Exploits0References22
RubySec
RubySec
added 2026/04/02 12:0 a.m.36 views

Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass.

Summary Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one rather than the first. In deployments where an upstream proxy, WAF, or intermedia...

5.3CVSS5.8AI score0.00253EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/01 1:49 p.m.3 views

CVE-2026-23406

A flaw was found in AppArmor within the Linux kernel. The matchchar macro, when processing differential encoding chains, incorrectly advances the string pointer multiple times. This can lead to an out-of-bounds read when the pointer moves beyond the input buffer boundary. A local attacker could...

6AI score0.00177EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/01 1:38 p.m.7 views

CVE-2026-23409

A flaw was found in AppArmor, a security module in the Linux kernel. This vulnerability occurs due to incorrect verification of differential encoding chains, which are designed to prevent malicious loops. An attacker could exploit this flaw by crafting a specially designed differential encoding...

5.9AI score0.00177EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/01 9:31 a.m.9 views

EUVD-2026-17839

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is abused. To prevent this the unpack should verify that a diff-encode chain terminates. Unfortunately the differential encod...

5.7AI score0.00177EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/01 9:31 a.m.3 views

EUVD-2026-17834

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in matchchar macro usage The matchchar macro evaluates its character parameter multiple times when traversing differential encoding chains. When invoked with str++, the string pointer advances on eac...

5.9AI score0.00177EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/01 9:31 a.m.5 views

EUVD-2026-17835

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix missing bounds check on DEFAULT table in verifydfa The verifydfa function only checks DEFAULTTABLE bounds when the state is not differentially encoded. When the verification loop traverses the differential encoding...

5.7AI score0.00181EPSS
Exploits0References6
NVD
NVD
added 2026/04/01 9:16 a.m.7 views

CVE-2026-23409

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is abused. To prevent this the unpack should verify that a diff-encode chain terminates. Unfortunately the differential encod...

5.5CVSS0.00177EPSS
Exploits0References8
Rows per page
Query Builder