Denial Of Service (DoS)

Jansson is vulnerable to denial of service DoS attacks. These attacks are possible though JSON data, causing deep recursion, stack consumption and eventually crashing the application...

Empty REST API result return for User without Browse Users permission

h3. Summary User A who do not have permission to Browse Users but have Administrator and/or System Administrator will have REST API result return empty. As an example of the json data return: code:borderStyle=dashed code h3. Steps to Reproduce Create User A Gives User A permission to Administrato...

CVE-2016-1406

The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID...

CVE-2016-1406

The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID...

Design/Logic Flaw

The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID...

CVE-2016-1406

The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID...

jq: heap-buffer-overflow in tokenadd() function

A heap-based buffer overflow flaw was found in jq's tokenadd function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system...

Updated jansson packages fix CVE-2016-4425

Updated jansson packages fix security vulnerability: Gustavo Grieco discovered that jansson did not limit the recursion depth when parsing JSON arrays and objects. This could allow remote attackers to cause a denial of service crash via stack exhaustion, using crafted JSON data CVE-2016-4425...

CVE-2016-4425

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service deep recursion, stack consumption, and crash via crafted JSON data...

CVE-2016-4425

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service deep recursion, stack consumption, and crash via crafted JSON data...

Code injection

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service deep recursion, stack consumption, and crash via crafted JSON data...

UBUNTU-CVE-2016-4425

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service deep recursion, stack consumption, and crash via crafted JSON data...

CVE-2016-4425

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service deep recursion, stack consumption, and crash via crafted JSON data...

CVE-2016-4425

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service deep recursion, stack consumption, and crash via crafted JSON data...

CVE-2016-4425

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service deep recursion, stack consumption, and crash via crafted JSON data...

Debian: Security Advisory (DSA-3577-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AZL-6505 CVE-2016-4074 affecting package jq for versions less than 1.5-6

The jvdumpterm function in jq 1.5 allows remote attackers to cause a denial of service stack consumption and application crash via a crafted JSON file. This issue has been fixed in jq 1.6rc1-r0...

AppCan vulnerability spree(AppCan weak password\XSS\SQL injection\sensitive files leaked\weak password\file upload vulnerability collection)-vulnerability warning-the black bar safety net

Test yourself to write the discuz scan tool robustness of the time to find a backup file http://bbs. appcan. cn//config/configucenter. php. bak Use uckey getshell failure,the test has changed uckey. To continue testing,found a suspected injection point http://edu. appcan. cn/traindetailnew. html?...

DEBIAN-CVE-2016-2560

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted Host HTTP header, related to libraries/Config.class.php; 2 crafted JSON data, relat...

CVE-2016-2560

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted Host HTTP header, related to libraries/Config.class.php; 2 crafted JSON data, relat...