Lucene search
K

7211 matches found

NVD
NVD
added 2026/07/01 12:16 a.m.5 views

CVE-2026-54500

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surfac...

5.3CVSS0.00197EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 12:16 a.m.3 views

DEBIAN-CVE-2026-54500

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surfac...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 12:16 a.m.4 views

UBUNTU-CVE-2026-54500

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surfac...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54930

Name of the Vulnerable Software and Affected Versions FatFs versions R0.16 and earlier Description An issue exists in the handling of long filenames when LFN Long File Name is enabled. The fno.fname variable can contain up to 255 characters, which may lead to a buffer overflow if callers copy thi...

7.6CVSS6.3AI score0.0021EPSS
Exploits2References10
OSV
OSV
added 2026/06/30 11:39 p.m.6 views

BIT-ENVOY-2026-48706 Envoy Heap Buffer Overflow in TcpStatsdSink

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

7.5CVSS6.5AI score0.0061EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/30 11:8 p.m.5 views

CVE-2026-54500

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surfac...

5.3CVSS5.9AI score0.00197EPSS
Exploits0
CVE
CVE
added 2026/06/30 11:8 p.m.26 views

CVE-2026-54500

Oj (Optimized JSON) is a Ruby gem for JSON parsing/ marshalling. Affects versions prior to 3.17.3 where Oj.load in mode :object reads uninitialized stack memory when a JSON object has a long key (254+ bytes). In ext/oj/intern.c, form_attr() passes an uninitialized stack buffer to rb_intern3(), ca...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 11:8 p.m.33 views

CVE-2026-54500 Oj: intern.c form_attr has an uninitialized stack read

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surfac...

5.3CVSS0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/30 2:28 p.m.8 views

CVE-2026-53432

A flaw was found in fzf. An integer overflow vulnerability exists in the FuzzyMatchV2 function when processing exceptionally long input lines and patterns. This can lead to the application terminating unexpectedly with a non-recoverable panic, resulting in a Denial of Service DoS. A local user...

7.5CVSS5.8AI score0.00243EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/30 12:57 p.m.17 views

EUVD-2026-40315

A flaw was found in GLib. A buffer over-read can occur in giochannelreadlinebackend in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes ...

6.5CVSS5.9AI score0.00329EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/30 12:1 p.m.32 views

CVE-2026-53432 Integer Overflow in fzf

fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a...

5.6CVSS0.00243EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/30 2:58 a.m.10 views

CVE-2026-11979

A flaw was found in libxml2, specifically within the xmlcatalog utility when operating in shell mode. An attacker can exploit multiple stack-based buffer overflows by providing an excessively long input line. This leads to memory corruption, which may cause the application to crash or potentially...

7.8CVSS6.2AI score0.00148EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/29 7:38 p.m.5 views

CVE-2026-56018

JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify, allowing unbounded memory growth. In JsMinify XS.xs the cleanup frees only the NodeSet structures and never the per-token contents buffers allocated in JsSetNodeContents; JsDiscardNode unlinks nodes withou...

7.5CVSS5.9AI score0.00609EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/29 3:29 p.m.10 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.3.5

Red Hat OpenShift Service Mesh 3.3.5 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.3....

7.5CVSS6.8AI score0.00813EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-501 pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. pyminizip uses version 1.2.11 of zlib's code...

9.8CVSS7.4AI score0.02918EPSS
Exploits0References17
OSV
OSV
added 2026/06/29 11:50 a.m.4 views

PYSEC-2026-342 Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service

Important: Exploiting this vulnerability requires the attacker to have access to your Frigate instance, which means they could also just delete all of your recordings or perform any other action. If you have configured authentication in front of Frigate via a reverse proxy, then this vulnerabilit...

9.3CVSS5.8AI score0.00767EPSS
Exploits0References12
Debian CVE
Debian CVE
added 2026/06/26 7:41 p.m.7 views

CVE-2026-53312

In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Remove overflows on the invalidation path Since RISC-V supports a sign extended page table it should support a gather-end of ULONGMAX, but if this happens it will infinite loop because of the overflow. Also avoid...

5.5CVSS5.9AI score0.00112EPSS
Exploits0
NVD
NVD
added 2026/06/26 6:17 p.m.8 views

CVE-2026-48706

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

7.5CVSS0.0061EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 5:38 p.m.36 views

CVE-2026-48706 Envoy Heap Buffer Overflow in TcpStatsdSink

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

5.9CVSS0.0061EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 5:38 p.m.5 views

CVE-2026-48706

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...

5.9CVSS6.5AI score0.0061EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder