78 matches found
DEBIAN-CVE-2019-2391
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library version 1.1.3 and prior to...
Stack overflow
libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow...
CVE-2020-7248
CVE-2020-7248 affects the OpenWrt libubox library. Multiple sources describe a stack-based buffer overflow caused by a vulnerability in the tagged binary data JSON serialization, specifically in JSON conversion of binary blobs via blobmsg_format_json. The issue impacts OpenWrt before 18.06.7 and ...
Security Advisory 2020-01-31-2 - libubox tagged binary data JSON serialization vulnerability (CVE-2020-7248)
DESCRIPTION A possibly exploitable vulnerability exists in the libubox library of OpenWrt, specifically in the parts related to JSON conversion of tagged binary data, so-called blobs. An attacker could possibly exploit this behavior by providing a specially crafted binary blob or JSON which would the...
Ajenti 2.1.31 Command Injection Exploit
This Metasploit module exploits a command injection in Ajenti version 2.1.31. By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned. This module requires Metasploit: https://metasploit.com/download Current source:...
GitLab: JSON serialization of any Project model results in all Runner tokens being exposed through Quick Actions
The Quick Actions interpreter allows an attacker to reference a Project it does not have access to. The model's attributes are then serialized and returned to the user, which results in the Runner token, both encrypted and unencrypted, being returned to the user. This vulnerability is currently...
CVE-2016-5898
IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit this vulnerability to obtain sensitive information...
PHP JsonSerializable::jsonSerialize json_encode Local Denial of Service Vulnerability
PHP is an open source general-purpose scripting language. In PHP 7.0, a local denial of service vulnerability exists in JsonSerializable::jsonSerialize / json_encode. An attacker could exploit the vulnerability to launch a denial of service attack...
CVE-2013-7224
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json...
CVE-2013-7224
Fat Free CRM before 0.12.1 is vulnerable due to unrestricted JSON serialization, allowing remote attackers to obtain sensitive information via a direct request (e.g., /users/1.json). Multiple connected documents report the same issue. The issue has a confirmed fix; upgrading to 0.12.1 (...
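The Fat Free CRM, IBM JRS and GitLab entries above are all the same class of bug: a controller hands a whole model to the JSON serializer, so every column, including password digests and tokens, goes out to whoever can request the resource. The example below is added here to show that pattern next to the allow-list form that fixes it; it is not code from any of those projects. The User record, its field names and the sample values are constructed for illustration.

```python
"""Unrestricted model serialization versus an explicit allow-list.

Added example, not code from Fat Free CRM, IBM JRS or GitLab. The User
record, field names and values below are constructed for illustration.
"""
import json
from dataclasses import dataclass, asdict


@dataclass
class User:
    # Constructed sample record; the two secret fields stand in for the
    # kind of data the listed advisories describe (digests, runner tokens).
    id: int
    username: str
    email: str
    password_digest: str
    api_token: str


# Fields that must never reach a caller, whatever their role.
SECRET_FIELDS = frozenset({"password_digest", "api_token"})

# Fields an unrelated caller may see (the default allow-list).
PUBLIC_FIELDS = ("id", "username")


def unrestricted_json(user: User) -> str:
    """The vulnerable pattern: serialize whatever the model holds.

    This is what a framework's default to_json does when the controller
    passes the whole model object to the serializer.
    """
    return json.dumps(asdict(user))


def restricted_json(user: User, fields=PUBLIC_FIELDS) -> str:
    """Hardened pattern: emit only an explicit allow-list of fields.

    Secret fields are refused even if someone adds them to the list, and
    the list is intersected with the model so a typo cannot widen output.
    """
    leaked = SECRET_FIELDS.intersection(fields)
    if leaked:
        raise ValueError(f"allow-list contains secret fields: {sorted(leaked)}")
    data = asdict(user)
    return json.dumps({k: data[k] for k in fields if k in data})


def leaked_secret_fields(document: str) -> list:
    """Check helper: which secret field names appear in a JSON document.

    Walks nested objects and arrays, so a secret embedded in a sub-object
    (a project serialized together with its owner) is still reported.
    """
    found = set()

    def walk(node):
        if isinstance(node, dict):
            for key, value in node.items():
                if key in SECRET_FIELDS:
                    found.add(key)
                walk(value)
        elif isinstance(node, list):
            for value in node:
                walk(value)

    walk(json.loads(document))
    return sorted(found)


if __name__ == "__main__":
    u = User(1, "alice", "alice@example.com", "digest-constructed", "token-constructed")
    print(unrestricted_json(u))                     # every column, secrets included
    print(restricted_json(u))                       # {"id": 1, "username": "alice"}
    print(leaked_secret_fields(unrestricted_json(u)))  # ['api_token', 'password_digest']
```

The check helper is the kind of assertion worth running against every JSON endpoint in a test suite: it catches the nested case (a serialized project that drags its owner or its runner record along) that a per-controller allow-list on the top-level model does not.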
[USN-1887-1] OpenStack Swift vulnerabilities
========================================================================== Ubuntu Security Notice USN-1887-1 June 20, 2013 swift vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
Ubuntu 12.04 LTS / 12.10 / 13.04 : swift vulnerabilities (USN-1887-1)
Sebastian Krahmer discovered that Swift used the loads function in the pickle Python module when it was configured to use memcached. A remote attacker on the same network as memcached could exploit this to execute arbitrary code. This update adds a new memcache_serialization_support option to suppo...
[SECURITY] Fedora 19 Update: php-pecl-jsonc-1.3.1-1.fc19
The php-pecl-jsonc module adds support for JSON (JavaScript Object Notation) serialization to PHP. It is a drop-in alternative to the standard PHP JSON extension which uses the json-c library parser...