138 matches found
Oracle Linux 9 : ruby:4.0 (ELSA-2026-20596)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20596 advisory. - Fix ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Resolves: RHEL-171258 - Fix JSON: Denial of Service or Information...
Malicious code in mongoose-json-format (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 910cc6eef707ac872daeb3a527e6dd9c75044ebb178f9eb48745f5cfd4123968 helpers.js defines a createLog helper that base64-decodes a constant HASHKEY to https://www.jsonkeeper.com/b/XVHGD an anonymous JSON-paste host and...
Astra Linux – Vulnerability in protobuf
There is a denial-of-service DoS vulnerability in the google.protobuf.jsonformat.ParseDict function in Python. This vulnerability allows for bypassing the maximum recursion depth when parsing nested google.protobuf.Any messages. Due to the lack of recursion depth accounting within the internal...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object...
Security Bulletin: Vulnerability in Ruby affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Ruby has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...
cereal 安全漏洞
Cereal is an open-source C++11 serialization library developed by iLab at USC. It supports binary, XML, and JSON formats. Versions of Cereal 1.3.2 and earlier contain security vulnerabilities. These vulnerabilities stem from unknown functions in the Shared Pointer Handler component, which may lea...
CVE-2026-8502
Technical details for CVE-2026-8502 are not provided in the connected documents; the available description notes exposure via c_status and return_type in LearnPress
ALSA-2026:20596 Important: ruby:4.0 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary...
[SECURITY] Fedora 43 Update: rpki-client-9.8-1.fc43
The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure RPKI for Relying Parties RP to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...
CVE-2026-40169
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. This issue has been fixed in version 7.1.2-19...
TinaCMS 安全漏洞
TinaCMS is an open-source headless CMS developed by Tina for Markdown, MDX, and JSON formats. Versions of TinaCMS prior to 2.2.2 contained a security vulnerability. This vulnerability stemmed from string-based path validation in FilesystemBridge, which allowed operations on files outside of the...
python: protobuf: Protobuf: Denial of Service due to recursion depth bypass
A flaw was found in protobuf. A remote attacker can exploit this denial-of-service DoS vulnerability by supplying deeply nested google.protobuf.Any messages to the google.protobuf.jsonformat.ParseDict function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : Protocol Buffers vulnerability (USN-8063-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8063-1 advisory. It was discovered that Protocol Buffers incorrectly handled recursion when the Python google.protobuf.jsonformat.ParseDict function is being...
OESA-2026-1432 protobuf security update
Security Fixes: A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an...
SUSE SLED15 / SLES15 Security Update : protobuf (SUSE-SU-2026:0618-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0618-1 advisory. i - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173. Tenable...
SUSE-SU-2026:0618-1 Security update for protobuf
This update for protobuf fixes the following issues:i - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...
python: protobuf: Protobuf: Denial of Service due to recursion depth bypass
A flaw was found in protobuf. A remote attacker can exploit this denial-of-service DoS vulnerability by supplying deeply nested google.protobuf.Any messages to the google.protobuf.jsonformat.ParseDict function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’...
python: protobuf: Protobuf: Denial of Service due to recursion depth bypass
A flaw was found in protobuf. A remote attacker can exploit this denial-of-service DoS vulnerability by supplying deeply nested google.protobuf.Any messages to the google.protobuf.jsonformat.ParseDict function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’...
SUSE SLES15 Security Update : protobuf (SUSE-SU-2026:0563-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0563-1 advisory. - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173. Tenable has extracted the...
SUSE-SU-2026:20490-1 Security update for protobuf
This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...