Lucene search
K

69 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-54696

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an...

3.7CVSS6.1AI score0.00301EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 12:16 a.m.4 views

DEBIAN-CVE-2026-54899

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, disabling symbolkeys on a reused Oj::Parser instance triggers a heap use-after-free. When symbolkeys is toggled from true to false, optsymbolkeysset frees the internal key cache cachefree but...

6.3CVSS5.7AI score0.00428EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 12:16 a.m.4 views

UBUNTU-CVE-2026-54900

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with createid enabled, Oj::Parserparse is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer...

6.3CVSS5.7AI score0.00253EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 12:16 a.m.3 views

UBUNTU-CVE-2026-54898

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...

2.1CVSS5.9AI score0.00117EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 12:16 a.m.5 views

UBUNTU-CVE-2026-54896

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object'...

2.1CVSS6AI score0.00119EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:17 p.m.12 views

CVE-2026-54696

Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dumpobj, io and JSON::Stategenerateobj, io can write past the internal JSON generat...

3.7CVSS0.00301EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:17 p.m.4 views

UBUNTU-CVE-2026-54696

Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dumpobj, io and JSON::Stategenerateobj, io can write past the internal JSON generat...

3.7CVSS6AI score0.00301EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/30 10:5 p.m.4 views

CVE-2026-54696

Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dumpobj, io and JSON::Stategenerateobj, io can write past the internal JSON generat...

3.7CVSS6AI score0.00301EPSS
Exploits0
CVE
CVE
added 2026/06/30 10:5 p.m.16 views

CVE-2026-54696

CVE-2026-54696 affects the Ruby JSON gem, specifically versions 2.9.0 through 2.19.8. The issue is a heap buffer overflow that occurs when the JSON generator handles an oversized streamed object written via JSON.dump(obj, io) or JSON::State#generate(obj, io). If a streamed object contains an atta...

3.7CVSS6AI score0.00301EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:5 p.m.24 views

CVE-2026-54696 Ruby JSON: JSON generator heap buffer overflow when streaming to an IO

Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dumpobj, io and JSON::Stategenerateobj, io can write past the internal JSON generat...

3.7CVSS0.00301EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54020

Name of the Vulnerable Software and Affected Versions Ruby JSON versions 2.9.0 through 2.19.8 Description A heap buffer overflow occurs when the JSON generator processes an oversized streamed object. Specifically, when streaming to an IO, the JSON.dumpobj, io and JSON::Stategenerateobj, io...

3.7CVSS6.2AI score0.00301EPSS
Exploits0References4
RubySec
RubySec
added 2026/06/30 12:0 a.m.5 views

JSON generator heap buffer overflow when streaming to an IO

Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0 through 2.19.8 are vulnerable to heap buffer overflow when the JSON generator is provided with an oversized streamed object. When streaming to an IO JSON.dumpobj, io and JSON::Stategenerateobj, io can write past the internal JSON generat...

3.7CVSS6.1AI score0.00301EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.10 views

AlmaLinux 10 : ruby4.0 (ALSA-2026:20606)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:20606 advisory. ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary code execution via...

9.1CVSS6.8AI score0.01131EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.12 views

RockyLinux 10 : ruby4.0 (RLSA-2026:20606)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:20606 advisory. ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary code execution via...

9.1CVSS6.8AI score0.01131EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2026/05/28 3:43 p.m.26 views

ruby:4.0 security update

An update is available for module.ruby, module.rubygem-mysql2, module.rubygem-pg, rubygem-mysql2, ruby, rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE li...

9.1CVSS6.7AI score0.01131EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.14 views

RHEL 10 : ruby4.0 (RHSA-2026:20606)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20606 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and ...

9.1CVSS6.2AI score0.01131EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/26 7:42 a.m.12 views

ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection

A flaw was found in Ruby JSON. This vulnerability, a format string injection, allows a remote attacker to cause a denial of service DoS or disclose sensitive information. The flaw occurs when processing specially crafted user-supplied documents with the allowduplicatekey: false parsing option...

9.1CVSS6.3AI score0.00838EPSS
Exploits0References5
OSV
OSV
added 2026/04/09 1:1 a.m.21 views

CLEANSTART-2026-GE08280 Ruby JSON is a JSON implementation for Ruby

Multiple security vulnerabilities affect the logstash-fips package. Ruby JSON is a JSON implementation for Ruby. See references for individual vulnerability details...

9.8CVSS6.8AI score0.02164EPSS
Exploits4References48
OSV
OSV
added 2026/04/09 12:54 a.m.10 views

CLEANSTART-2026-RZ30606 Ruby JSON is a JSON implementation for Ruby

Multiple security vulnerabilities affect the logstash-fips package. Ruby JSON is a JSON implementation for Ruby. See references for individual vulnerability details...

9.8CVSS6.6AI score0.02164EPSS
Exploits1References34
Fedora
Fedora
added 2026/03/28 12:19 a.m.9 views

[SECURITY] Fedora 44 Update: rubygem-json-2.19.2-1.fc44

This is a implementation of the JSON specification according to RFC 4627 in Ruby. You can think of it as a low fat alternative to XML, if you want to store data to disk or transmit it over a network rather than use a verbose markup language...

9.1CVSS5.9AI score0.00838EPSS
Exploits0
Rows per page
Query Builder