687 matches found
Critical: Red Hat Security Advisory: OpenShift Container Platform 4.17.55 bug fix and security update
Red Hat OpenShift Container Platform release 4.17.55 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...
openSUSE 16 Security Update : jq (openSUSE-SU-2026:21248-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21248-1 advisory. - CVE-2025-48060: improper handling of string data in jvstringempty can lead to heap buffer overflow and a crash when processing crafted input...
Amazon Linux 2 : jq, --advisory ALAS2-2026-3496 (ALAS-2026-3496)
The version of jq installed on the remote host is prior to 1.6-17. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3496 advisory. jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend a...
SUSE-SU-2026:22566-1 Security update for jq
This update for jq fixes the following issues: - CVE-2025-48060: improper handling of string data in jvstringempty can lead to heap buffer overflow and a crash when processing crafted input bsc1244116. - CVE-2026-32316: integer overflow within the jvpstringappend and jvpstringcopyreplacebad...
OESA-2026-2804 jq security update
jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...
MiracleLinux 9 : jq-1.6-19.el9_8.2 (AXSA:2026-1020:03)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-1020:03 advisory. jq: out-of-bounds read in jvparsesized on error formatting for non-NUL-terminated buffers CVE-2026-39979 jq: jq: Denial of Service via crafted JSON...
[SECURITY] [DLA 4662-1] jq security update
Debian LTS Advisory DLA-4662-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson July 01, 2026 https://wiki.debian.org/LTS Package : jq Version : 1.6-2.1+deb12u2 CVE ID : CVE-2026-32316 CVE-2026-33947 CVE-2026-33948 CVE-2026-39956 CVE-2026-39979 CVE-2026-40164...
Debian dla-4662 : jq - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4662 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4662-1 [email protected]...
Debian dla-4661 : jq - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4661 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4661-1 [email protected]...
CVE-2026-49839
A flaw was found in jq, a command-line JSON processor. This vulnerability allows an attacker to trigger a heap out-of-bounds write by providing a specially crafted, oversized file to the jq --rawfile option. This can lead to a denial of service DoS, making the affected system or application...
ROOT-OS-DEBIAN-12-CVE-2026-40164 CVE-2026-40164 in rootio-jq - Patched by Root
Root has patched CVE-2026-40164 in the rootio-jq package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-39979 CVE-2026-39979 in rootio-jq - Patched by Root
Root has patched CVE-2026-39979 in the rootio-jq package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-49839 CVE-2026-49839 in rootio-jq - Patched by Root
Root has patched CVE-2026-49839 in the rootio-jq package for Root:Debian:12. Multiple fixed versions available...
Linux Distros Unpatched Vulnerability : CVE-2026-54679
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive...
jq --rawfile invalid-state reuse after String too long causes heap-buffer-overflow
...
SUSE CVE-2026-54679
jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2...
OPENSUSE-SU-2026:11133-1 jq-1.8.2-1.1 on GA media
These are all security issues fixed in the jq-1.8.2-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-54679
A flaw was found in jq, a command-line JSON processor. On 32-bit systems, a local attacker could exploit an integer overflow vulnerability in the jvpstringappend function. This could lead to a massive buffer overrun, resulting in a denial of service DoS condition. Mitigation Mitigation for this...
CVE-2026-47770
A flaw was found in jq, a command-line JSON processor. This vulnerability allows a local user or an attacker providing malicious input to cause a denial of service DoS by comparing two sufficiently deeply nested arrays using the '==' operator. This action exhausts the C stack due to uncontrolled...
CVE-2026-47770
jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denial of service via stack exhaustion uncontrolled recursion. The crash occurs in jq's recursive...