Lucene search
+L

74 matches found

nessus
nessus
added 2026/07/02 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54897

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators eachvalue, eachchild, eachleaf were vulnerab...

2.1CVSS5.9AI score0.00117EPSS
Exploits0References3
nvd
nvd
added 2026/07/01 12:16 a.m.9 views

CVE-2026-54897

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators eachvalue, eachchild, eachleaf were vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed...

2.1CVSS0.00117EPSS
Exploits0References1
osv
osv
added 2026/07/01 12:16 a.m.3 views

DEBIAN-CVE-2026-54897

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators eachvalue, eachchild, eachleaf were vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed...

2.1CVSS5.7AI score0.00117EPSS
Exploits0References1
osv
osv
added 2026/07/01 12:16 a.m.4 views

UBUNTU-CVE-2026-54897

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators eachvalue, eachchild, eachleaf were vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed...

2.1CVSS5.7AI score0.00117EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/30 11:22 p.m.36 views

CVE-2026-54897 Oj : Use-After-Free in Oj::Doc Iterators via Reentrant Close

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators eachvalue, eachchild, eachleaf were vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed...

2.1CVSS0.00117EPSS
Exploits0References1
debiancve
debiancve
added 2026/06/30 11:22 p.m.6 views

CVE-2026-54897

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators eachvalue, eachchild, eachleaf were vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed...

2.1CVSS5.7AI score0.00117EPSS
Exploits0
cve
cve
added 2026/06/30 11:22 p.m.33 views

CVE-2026-54897

Oj (Optimized JSON) Ruby gem versions prior to 3.17.2 contain a heap use-after-free in Oj::Doc iterators (each_value, each_child, each_leaf). If a Ruby block yields during iteration and doc.close or d.close is called, the heap memory is freed while the C iterator is active, leading to a use-after...

2.1CVSS5.7AI score0.00117EPSS
Exploits0References1
nvd
nvd
added 2026/06/24 5:17 p.m.5 views

CVE-2026-53085

In the Linux kernel, the following vulnerability has been resolved: bpf: fix mm lifecycle in open-coded taskvma iterator The open-coded taskvma iterator reads task-mm locklessly and acquires mmapreadtrylock but never calls mmget. If the task exits concurrently, the mmstruct can be freed as it is...

7.8CVSS0.00113EPSS
Exploits0References7
github
github
added 2026/06/19 7:36 p.m.16 views

Oj: Use-After-Free in Oj::Doc Iterators via Reentrant Close

Summary Oj::Doc iterators eachvalue, eachchild, eachleaf are vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed while the C iterator is still running. When control returns from the block, the iterator rea...

2.1CVSS6.1AI score0.00117EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/19 7:36 p.m.7 views

GHSA-9PPP-W3G4-FH4Q Oj: Use-After-Free in Oj::Doc Iterators via Reentrant Close

Summary Oj::Doc iterators eachvalue, eachchild, eachleaf are vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed while the C iterator is still running. When control returns from the block, the iterator rea...

8.7CVSS6.1AI score0.00117EPSS
Exploits0References2
snyk
snyk
added 2026/06/19 7:36 p.m.7 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the eachvalue, eachchild, or eachleaf iterators when a Ruby block executed during iteration calls the close method on the document or its child nodes. An attacker can cause memory corruption by invoking close within a...

8.2CVSS5.9AI score0.00117EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51083

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description Oj::Doc iterators each value, each child, each leaf are subject to a heap use-after-free. This occurs when a Ruby block yielded during iteration calls doc.close or d.close, causing the document's heap...

8.7CVSS5.7AI score0.00117EPSS
Exploits0References4
osv
osv
added 2026/06/11 12:0 p.m.18 views

RUSTSEC-2026-0176 Out-of-bounds read in `nth` / `nth_back` for `PyList` and `PyTuple` iterators

PyO3 0.24.0 added optimized implementations of Iterator::nth and DoubleEndedIterator::nthback for the BoundListIterator and BoundTupleIterator types. These implementations computed the target index using unchecked usize addition index + n before bounds-checking against the sequence length, then...

5.8AI score
Exploits0References3
cnnvd
cnnvd
added 2026/06/10 12:0 a.m.20 views

NSA Ghidra 资源管理错误漏洞

NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Prior to version 12.1 of NSA Ghidra, there was a resource management vulnerability. This vulnerability stemmed from iterator failures during the...

6.9CVSS5.5AI score0.00169EPSS
Exploits1References1
amazon
amazon
added 2026/05/26 12:0 a.m.23 views

Important: kernel6.18

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE CVE-2026-23401 In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Only WARN in direct MMUs when overwriti...

9.8CVSS6.2AI score0.00533EPSS
Exploits4
ubuntucve
ubuntucve
added 2026/05/08 3:16 p.m.10 views

CVE-2026-43439

In the Linux kernel, the following vulnerability has been resolved: cgroup: fix race between task migration and iteration When a task is migrated out of a cssset, cgroupmigrateaddtask first moves it from cset-tasks to cset-mgtasks via: listmovetail&task-cglist, &cset-mgtasks; If a csstaskiter...

4.7CVSS5.8AI score0.00089EPSS
Exploits0References10
cvelist
cvelist
added 2026/05/08 2:22 p.m.66 views

CVE-2026-43439 cgroup: fix race between task migration and iteration

In the Linux kernel, the following vulnerability has been resolved: cgroup: fix race between task migration and iteration When a task is migrated out of a cssset, cgroupmigrateaddtask first moves it from cset-tasks to cset-mgtasks via: listmovetail&task-cglist, &cset-mgtasks; If a csstaskiter...

0.00089EPSS
Exploits0References8
attackerkb
attackerkb
added 2026/05/08 2:22 p.m.12 views

CVE-2026-43439

In the Linux kernel, the following vulnerability has been resolved: cgroup: fix race between task migration and iteration When a task is migrated out of a cssset, cgroupmigrateaddtask first moves it from cset-tasks to cset-mgtasks via: listmovetail&task-;cglist, &cset-;mgtasks; If a csstaskiter...

4.7CVSS5.6AI score0.00089EPSS
Exploits0References9Affected Software1
github
github
added 2026/04/09 8:28 p.m.12 views

Gramps Web API: Private Sub-Object Data in Non-Private Objects Exposed to Guest Users

Summary Users with the Guest role could receive private sub-object data e.g. private alternate names, private addresses, private note/citation/media handles through list API endpoints such as GET /api/people/, GET /api/places/, GET /api/events/, and all other object list endpoints. This does not...

5.9AI score
Exploits0References3Affected Software1
github
github
added 2026/03/20 9:51 p.m.8 views

webpki: CRLs not considered authoritative by Distribution Point due to faulty matching logic

If a certificate had more than one distributionPoint, then only the first distributionPoint would be considered against each CRL's IssuingDistributionPoint distributionPoint, and then the certificate's subsequent distributionPoints would be ignored. The impact was that correct provided CRLs would...

5.8AI score
Exploits0References3Affected Software1
Rows per page
Query Builder