66 matches found
EulerOS Virtualization 2.10.0 : yajl (EulerOS-SA-2026-1204)
According to the versions of the yajl package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes wi...
EulerOS Virtualization 2.10.1 : yajl (EulerOS-SA-2026-1152)
According to the versions of the yajl package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes wi...
TencentOS Server 3: yajl (TSSA-2022:0235)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0235 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Critical Photon OS Security Update - PHSA-2025-4.0-0903
Updates of 'rubygem-yajl-ruby', 'polkit', 'curl', 'lasso' packages of Photon OS have been released...
EUVD-2017-0355
Malware in sbrugna...
EulerOS 2.0 SP12 : yajl (EulerOS-SA-2025-1608)
According to the versions of the yajl package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in...
EulerOS 2.0 SP12 : yajl (EulerOS-SA-2025-1609)
According to the versions of the yajl package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in...
Astra Linux - vulnerability in yajl
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajl_buf.c#L64 may result in the need 32bit...
Linux Distros Unpatched Vulnerability : CVE-2022-24795
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to...
Linux Distros Unpatched Vulnerability : CVE-2017-16516
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the...
OESA-2025-1156 yajl security update
yajl is a small event-driven JSON parser written in ANSI C, and a small validating JSON generator. Security Fixes: In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in...
Azure Linux 3.0 Security Update: rubygem-yajl-ruby (CVE-2022-24795)
The version of rubygem-yajl-ruby installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-24795 advisory. - yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the...
Advisory ROSA-SA-2024-2478
software: yajl 2.1.0 WASP: ROSA-CHROME packageevrstring: yajl-2.1.0-2 CVE-ID: CVE-2023-33460 BDU-ID: 2023-07652 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the yajl_tree_parse function of the YAJL-ruby JSON library is related to improper memory freeing before deleting the last reference...
CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.4.3-1
CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.4.3-1. An upgraded version of the package is available that resolves this issue...
ROS-20240606-06
A vulnerability in the yajl_tree_parse function of the YAJL-ruby JSON library is related to improper memory freeing before deleting the last reference. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
RHEL 8 : rubygem-yajl-ruby (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-yajl-ruby: Yajl::Parser.new.parse incorrect parsing CVE-2017-16516 Note that Nessus has not tested for this...
Updated yajl packages fix security vulnerabilities
The updated packages fix security vulnerabilities: In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminatin...
Debian dla-3516 : burp - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3516 advisory. Debian LTS Advisory DLA-3516-1...
Medium: yajl
Issue Overview: yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajl_buf.c#L64 may result in...
SUSE CVE-2017-16516
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service...