17 matches found
Amazon Linux 2023 : jq, jq-devel (ALAS2023-2026-1815)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1815 advisory. jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating string...
CVE-2026-33947
jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...
CVE-2026-33947 jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()
jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...
PT-2026-32541
Name of the Vulnerable Software and Affected Versions jq versions 1.8.1 and earlier Description A command-line JSON processor is subject to a denial of service. The functions jv setpath, jv getpath, and delpaths sorted in src/jv aux.c use unbounded recursion where the depth is controlled by the...
EUVD-2025-29297
Malicious code in bioql PyPI...
CVE-2025-43375
The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process...
CVE-2025-43375
The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process...
CVE-2025-43375
The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process...
CVE-2025-43375
The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process...
CVE-2025-43375
The CVE-2025-43375 entry is tied to Xcode 26 where a path-handling issue can cause a process crash when processing an overly large path value. Technical details across connected sources consistently cite the vulnerability in the Xcode 26 development tools and the fix implemented by Apple (improve...
CVE-2025-43370
A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process...
CVE-2025-43370
CVE-2025-43370 affects Apple Xcode 26, where a path handling issue can crash a process when processing an oversized path. The root cause is improved validation of path input in Xcode 26 development tooling, with confirmed fix in the Xcode 26 release. Public sources across Red Hat, CNVD, NVD, and ...
CVE-2025-43370
A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process...
Apple Xcode 安全漏洞
Apple Xcode is an integrated development tool that runs on the operating system Mac OS X. It is used for the development of the Mac OS X software. Apple Xcode suffers from a denial of service vulnerability that originates from a process crash when handling too large a path value. An attacker can...
PT-2025-37859
Name of the Vulnerable Software and Affected Versions: Xcode version 26 Description: Processing an overly large path value may crash a process. This issue is fixed with improved checks. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
AZL-51927 CVE-2024-50083 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: requestsocksubflowv4: Possible SYN flooding on port :::20002. Sending cookies. ------------ cut here ------------ WARNING:...
systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash
It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough checks. A local attacker may trigger this flaw by sending a dbus message to systemd with a large path making systemd crash or possibly elevating his privileges...