29 matches found
OESA-2026-2426 jq security update
jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...
OESA-2026-2425 jq security update
jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...
EUVD-2026-13150
Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs,...
CVE-2026-3548
Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs,...
OPENSUSE-SU-2026:20340-1 Security update for cJSON
This update for cJSON fixes the following issues: - Update to version 1.7.19 Check for NULL in cJSONDetachItemViaPointer. Check overlap before calling strcpy in cJSONSetValuestring. Fix Max recursion depth for cJSONDuplicate to prevent stack exhaustion. Allocate memory for the temporary buffer wh...
Ubuntu: Security Advisory (USN-7973-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7973-1: cJSON vulnerabilities
It was discovered that cJSON incorrectly handled parsing large numbers. An attacker could possibly use this issue to cause a denial of service. CVE-2023-26819 It was discovered that cJSON may perform out-of-bounds read when processing specially crafted JSON files using parseobject. An attacker...
USN-7973-1 cjson vulnerabilities
It was discovered that cJSON incorrectly handled parsing large numbers. An attacker could possibly use this issue to cause a denial of service. CVE-2023-26819 It was discovered that cJSON may perform out-of-bounds read when processing specially crafted JSON files using parseobject. An attacker...
CLSA-2025-1765545936 haproxy: Fix of CVE-2025-11230
CVE-2025-11230: fix possible DoS in mjson library when parsing numbers...
Security update for cJSON
This update for cJSON fixes the following issues: CVE-2023-26819: Allocate memory for the temporary buffer when paring numbers bsc1241502 CVE-2025-57052: Fix the incorrect check in decodearrayindexfrompointer bsc1249112 Patch Instructions: To install this SUSE update use the SUSE recommended...
SUSE-SU-2025:03520-1 Security update for cJSON
This update for cJSON fixes the following issues: - CVE-2023-26819: Allocate memory for the temporary buffer when paring numbers bsc1241502 - CVE-2025-57052: Fix the incorrect check in decodearrayindexfrompointer bsc1249112...
Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : HAProxy vulnerability (USN-7805-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7805-1 advisory. Oula Kivalo discovered that HAProxy incorrectly handled parsing certain json numbers. A remote attacker could possibly use this issue to cause...
EUVD-2024-23311
Malicious code in bioql PyPI...
EUVD-2023-1039
Malicious code in bioql PyPI...
[SECURITY] [DSA 6017-1] haproxy security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6017-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 03, 2025 https://www.debian.org/security/faq -...
PT-2025-40954
Name of the Vulnerable Software and Affected Versions HAProxy versions prior to 2.6.12-1+deb12u3 HAProxy versions prior to 3.0.11-1+deb13u1 HAProxy version 3.0.8-1ubuntu1.2 Description HAProxy is susceptible to a denial of service condition when parsing specific JSON numbers. An attacker could...
Fortinet Fortigate - IP address validation mishandles zero characters (FG-IR-23-446)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-446 advisory. - An incorrect parsing of numbers with different radices vulnerability CWE-1389 in FortiProxy version 7.4.3 and below, versio...
CVE-2024-26015
An incorrect parsing of numbers with different radices vulnerability CWE-1389 in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit a...
parsson: Denial of Service due to large number parsing
A flaw was found in Eclipse Parsson library when processing untrusted source content. This issue may cause a Denial of Service DoS due to built-in support for parsing numbers with a large scale, and some cases where processing a large number may take much more time than expected...
parsson: Denial of Service due to large number parsing
A flaw was found in Eclipse Parsson library when processing untrusted source content. This issue may cause a Denial of Service DoS due to built-in support for parsing numbers with a large scale, and some cases where processing a large number may take much more time than expected...