213 matches found
Critical: Red Hat Security Advisory: OpenShift Container Platform 4.17.55 bug fix and security update
Red Hat OpenShift Container Platform release 4.17.55 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...
[SECURITY] [DLA 4662-1] jq security update
Debian LTS Advisory DLA-4662-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson July 01, 2026 https://wiki.debian.org/LTS Package : jq Version : 1.6-2.1+deb12u2 CVE ID : CVE-2026-32316 CVE-2026-33947 CVE-2026-33948 CVE-2026-39956 CVE-2026-39979 CVE-2026-40164...
Debian dla-4662 : jq - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4662 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4662-1 [email protected]...
CVE-2026-49839
A flaw was found in jq, a command-line JSON processor. This vulnerability allows an attacker to trigger a heap out-of-bounds write by providing a specially crafted, oversized file to the jq --rawfile option. This can lead to a denial of service DoS, making the affected system or application...
Linux Distros Unpatched Vulnerability : CVE-2026-54679
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive...
jq --rawfile invalid-state reuse after String too long causes heap-buffer-overflow
...
CVE-2026-47770
A flaw was found in jq, a command-line JSON processor. This vulnerability allows a local user or an attacker providing malicious input to cause a denial of service DoS by comparing two sufficiently deeply nested arrays using the '==' operator. This action exhausts the C stack due to uncontrolled...
CVE-2026-47770
jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denial of service via stack exhaustion uncontrolled recursion. The crash occurs in jq's recursive...
CVE-2026-49839
jq is a command-line JSON processor. Prior to 1.8.2, jq --rawfile can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jvloadfileraw=1 reads an attacker-controlled file, it repeatedly appends file chunks to the...
CVE-2026-47770 jq: stack overflow in deep structural equality
jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on jq's ordinary command-line surface, resulting in denial of service via stack exhaustion uncontrolled recursion. The crash occurs in jq's recursive...
EUVD-2026-39500
jq is a command-line JSON processor. Prior to 1.8.2, jq --rawfile can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jvloadfileraw=1 reads an attacker-controlled file, it repeatedly appends file chunks to the...
CVE-2026-54679
jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2...
Oracle Linux 9 : jq (ELSA-2026-19365)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19365 advisory. - Fix CVE-2026-40164 - Denial of Service via crafted JSON object causing hash collisions - Fix CVE-2026-39979 out-of-bounds read in jvparsesized Tenab...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.33 bug fix and security update
Red Hat OpenShift Container Platform release 4.19.33 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a...
CVE-2026-40612 affecting package jq for versions less than 1.7.1-6
CVE-2026-40612 affecting package jq for versions less than 1.7.1-6. A patched version of the package is available...
CVE-2026-43896 affecting package jq for versions less than 1.7.1-6
CVE-2026-43896 affecting package jq for versions less than 1.7.1-6. A patched version of the package is available...
CVE-2026-44777 affecting package jq for versions less than 1.7.1-6
CVE-2026-44777 affecting package jq for versions less than 1.7.1-6. A patched version of the package is available...
CVE-2026-41256 affecting package jq for versions less than 1.7.1-6
CVE-2026-41256 affecting package jq for versions less than 1.7.1-6. A patched version of the package is available...
CVE-2026-41257 affecting package jq for versions less than 1.7.1-6
CVE-2026-41257 affecting package jq for versions less than 1.7.1-6. A patched version of the package is available...
RLSA-2026:19151 Important: jq security update
jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: out-of-bounds read in...