Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - For partitions: fixed handling of bogus partition tables. Several issues in partition probing have been fixed: - The bailout mechanism for a bad partoffset must use putdevsector, since the previous readpartsector call...

MGASA-2026-0188 Updated jq packages fix security vulnerabilities

An integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. CVE-2024-23337 It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of...

Updated jq packages fix security vulnerabilities

An integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. CVE-2024-23337 It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of...

MySQL MCP Server 注入漏洞

The MySQL MCP Server is a security connection tool developed by Dana K. Williams. It allows interaction between AI and MySQL databases. Versions of the MySQL MCP Server prior to 0.2.2 have a vulnerability due to improper handling of the parameter uristr in the readresource function of the...

Important: openexr

Issue Overview: OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in...

USN-8202-3 jq regression

USN-8202-1 fixed vulnerabilities in jq. The update caused a regression for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An...

[BSA-134] Security Update for jq

ChangZhuo Chen uploaded new packages for jq which fixed the following security problems: CVE-2026-32316 jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings...

PT-2026-40293

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb convert encoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

cyrus-sasl: Fix of CVE-2019-19906

CVE-2019-19906: fix off-by-one in sasladdstring lib/common.c that could cause denial of service or information disclosure via crafted input...

CLSA-2026-1778174671 cyrus-sasl: Fix of CVE-2019-19906

CVE-2019-19906: fix off-by-one in sasladdstring lib/common.c that could cause denial of service or information disclosure via crafted input...

Ruby net-imap < 0.4.24 / 0.5.x < 0.5.14 / 0.6.x < 0.6.4 Multiple Vulnerabilities

The version of the net-imap Ruby library installed on the remote host is prior to 0.4.24, 0.5.x prior to 0.5.14, or 0.6.x prior to 0.6.4. It is, therefore, affected by multiple vulnerabilities. - The Net::IMAP::ResponseReader component is affected by a quadratic time complexity flaw when parsing...

Linux Distros Unpatched Vulnerability : CVE-2026-42216

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions...

CVE-2026-43028

A flaw was found in the Linux kernel's netfilter xtables component. This vulnerability arises from the system's failure to ensure that certain names are properly ended with a null character before being used by functions designed for standard text strings. This oversight could lead to incorrect...

USN-8202-2: jq vulnerabilities

USN-8202-1 fixed vulnerabilities in jq. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute...

USN-8202-1: jq vulnerabilities

It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS...

USN-8202-1 jq vulnerabilities

It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: jq (UTSA-2026-014275)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014275 advisory. jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions,...

SUSE CVE-2026-32316

jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer...

jq 输入验证错误漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Versions of jq prior to 1.8.1 have a vulnerability related to input validation errors. This vulnerability stems from integer overflows in the jvpstringAppend and jvpstringCopyReplaceBad functions, which may lead to ...

Linux Distros Unpatched Vulnerability : CVE-2026-32316

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad...