4 matches found
OESA-2026-2425 jq security update
jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...
PT-2026-39710
Name of the Vulnerable Software and Affected Versions jq versions 1.8.1 and earlier Description Top-level programs loaded from a file using the '-f' flag are truncated at the first embedded NUL byte. A specially crafted filter file containing a NUL byte followed by an arbitrary suffix will compil...
CLSA-2026-1776971672 php: Fix of 3 CVEs
CVE-2021-21707: fix NUL byte truncation in XML/DOM URI file loading - CVE-2022-31628: fix phar wrapper denial of service when loading compressed quine archives - CVE-2022-31629: discard HTTP variables that mangle into Host- or Secure- prefixes...
MiracleLinux 8 : python3.11-3.11.5-1.el8 (AXSA:2023-7136:08)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7136:08 advisory. python: tarfile module directory traversal CVE-2007-4559 python: file path truncation at \0 characters CVE-2023-41105 Tenable has extracted the...