Lucene search
K

325 matches found

Nuclei
Nuclei
added 3 days ago186 views

Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keysfor 'roles' used for access control within the database, including the special case 'admin' role, th...

10CVSS7.1AI score0.99838EPSS
Exploits21References5
Fedora
Fedora
added 5 days ago10 views

[SECURITY] Fedora 43 Update: rust-jiter-0.16.0-1.fc43

Fast Iterable JSON parser...

5.9AI score
Exploits0
Fedora
Fedora
added 5 days ago14 views

[SECURITY] Fedora 43 Update: python-jiter-0.16.0-1.fc43

Fast iterable JSON parser...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/07/02 7:33 a.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of enforced limits in the parser when processing JSON input. An attacker can cause excessive CPU and memory consumption by submitting very large or deeply nested JSON...

8.7CVSS6AI score0.00366EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-54897

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators eachvalue, eachchild, eachleaf were vulnerab...

2.1CVSS5.9AI score0.00117EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 12:16 a.m.8 views

CVE-2026-54902

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys ≥ 35 bytes from garbage collection, and a Ruby callback that triggers GC inside hashend ca...

6.3CVSS0.00253EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 12:16 a.m.6 views

CVE-2026-54903

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in bufappendstring buf.h:61 converts the string length to a large negative sizet,...

6.3CVSS0.00253EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 12:16 a.m.4 views

DEBIAN-CVE-2026-54903

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in bufappendstring buf.h:61 converts the string length to a large negative sizet,...

6.3CVSS5.8AI score0.00253EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 12:16 a.m.5 views

DEBIAN-CVE-2026-54902

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys ≥ 35 bytes from garbage collection, and a Ruby callback that triggers GC inside hashend ca...

6.3CVSS5.7AI score0.00253EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 12:16 a.m.4 views

DEBIAN-CVE-2026-54899

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, disabling symbolkeys on a reused Oj::Parser instance triggers a heap use-after-free. When symbolkeys is toggled from true to false, optsymbolkeysset frees the internal key cache cachefree but...

6.3CVSS5.7AI score0.00428EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 12:16 a.m.4 views

DEBIAN-CVE-2026-54592

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process, leading to DoS. In a two-step chain in...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 12:16 a.m.4 views

UBUNTU-CVE-2026-54900

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with createid enabled, Oj::Parserparse is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer...

6.3CVSS5.7AI score0.00253EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 12:16 a.m.5 views

UBUNTU-CVE-2026-54896

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object'...

2.1CVSS6AI score0.00119EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 12:16 a.m.3 views

UBUNTU-CVE-2026-54898

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...

2.1CVSS5.9AI score0.00117EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 12:16 a.m.3 views

UBUNTU-CVE-2026-54897

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators eachvalue, eachchild, eachleaf were vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed...

2.1CVSS5.7AI score0.00117EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 11:34 p.m.35 views

CVE-2026-54900 Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with createid enabled, Oj::Parserparse is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer...

6.3CVSS0.00253EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/30 11:24 p.m.6 views

CVE-2026-54898

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...

2.1CVSS5.9AI score0.00117EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/30 11:22 p.m.5 views

CVE-2026-54897

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators eachvalue, eachchild, eachleaf were vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed...

2.1CVSS5.7AI score0.00117EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/30 11:16 p.m.5 views

CVE-2026-54592

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process, leading to DoS. In a two-step chain in...

7.5CVSS5.9AI score0.00263EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/30 11:10 p.m.4 views

CVE-2026-54502

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.dump is vulnerable to a stack-based buffer overflow when a large :indent value is provided by the developer. fillindent in dump.h calls memsetindentstr, ' ', sizetopts-indent without...

6.3CVSS6.1AI score0.00257EPSS
Exploits0
Rows per page
Query Builder