
330 matches found

Cvelist
added 2022/02/04 5:40 p.m., 11 views

CVE-2021-43635

A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file...

AI score 6, EPSS 0.01663
Exploits 1, References 3

CNNVD
added 2021/12/16 12:0 a.m., 1 view

cbioportal security vulnerability

CbioPortal is used to provide visualization, analysis, and download of large-scale cancer genomics datasets. A denial-of-service vulnerability exists in CbioPortal in versions 3.6.21 and earlier, which stems from the insecure handling of regular expressions in /ProteinArraySignificanceTest.json,...

CVSS 7.5, AI score 5.6, EPSS 0.0118
Exploits 1, References 2

Hacker One
added 2021/11/23 10:31 p.m., 8 views

MTN Group: Wordpress users disclosure from json and xml file

Summary: It's possible to get information about the users registered such as: username without authentication in Wordpress via API on: https://www.mtn.co.sz/wp-json/oembed/1.0/embed?url=https://www.mtn.co.sz/&format=json https://www.mtn.co.sz/author-sitemap.xml Steps To Reproduce: The path...

AI score 7
Exploits 0

Oracle linux
added 2021/11/16 12:0 a.m., 32 views

json-c security and bug fix update

0.13.1-2 - rebuild 1954436 0.13.1-1 - Fix CVE-2020-12762 out-of-bounds write via a large JSON file - Resolves: rhbz1835626...

CVSS 7.8, AI score 8, EPSS 0.01888
Exploits 1

Hacker One
added 2021/11/12 12:2 p.m., 25 views

Kubernetes: Google storage bucket takeover which is used to load JS file in dashboard.html in "github.com/kubernetes/release" which can lead to XSS

Report Submission Form Summary: Kubernetes have a github repository github.com/kubernetes/release In the repository there is code for dashboard. The dashboard have a html file dashboard.html which is using a JS file from a google storage bucket. The bucket was not registered on google cloud. So I...

AI score 6.2
Exploits 0

Tenable Nessus
added 2021/11/11 12:0 a.m., 25 views

CentOS 8 : json-c (CESA-2021:4382)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:4382 advisory. - json-c: integer overflow and out-of-bounds write via a large JSON file CVE-2020-12762 Note that Nessus has not tested for this issue but has instead relied on...

CVSS 7.8, AI score 6.7, EPSS 0.01888
Exploits 1, References 2

AlmaLinux
added 2021/11/09 1:10 p.m., 34 views

Moderate: json-c security and bug fix update

JSON-C implements a reference counting object model that allows users to easily construct JavaScript Object Notation (JSON) objects in C, output them as JSON formatted strings, and parse JSON formatted strings back into the C representation of JSON objects. Security Fixes: json-c: integer overflow...

CVSS 7.8, AI score 8.1, EPSS 0.01888
Exploits 1, References 1

Wallarm Lab
added 2021/09/14 11:43 p.m., 41 views

Wallarm API Firewall outperforms Nginx in a production environment

Wallarm API Firewall is a free light-weighted API Firewall that protects your API endpoints in cloud-native environments with API schema validation. Wallarm API Firewall relies on a positive security model allowing calls that match a predefined API specification, while rejecting everything else...

AI score 6.9
Exploits 0

Kitploit
added 2021/08/04 9:30 p.m., 50 views

Uchihash - A Small Utility To Deal With Malware Embedded Hashes

Uchihash is a small utility that can save malware analysts the time of dealing with embedded hash values used for various things such as: Dynamically importing APIs especially in shellcode Checking running process used by analysts Anti-Analysis Checking VM or Antivirus artifacts Anti-Analysis...

AI score 7.1
Exploits 0, References 8

OSV
added 2021/04/16 11:15 a.m., 13 views

CVE-2021-22539

An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint .bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recomme...

CVSS 7.8, AI score 6.9
Exploits 0, References 2

Kitploit
added 2021/04/02 11:30 a.m., 63 views

SecretScanner - Find Secrets And Passwords In Container Images And File Systems

Deepfence SecretScanner can find any potential secrets in container images or file systems. What are Secrets? Secrets are any kind of sensitive or private data which gives authorized users permission to access critical IT infrastructure such as accounts, devices, network, cloud based services,...

AI score 7.1
Exploits 0, References 3

Tenable Nessus
added 2020/10/21 12:0 a.m., 16 views

EulerOS Virtualization 3.0.2.2 : json-c (EulerOS-SA-2020-2189)

According to the version of the json-c package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by...

CVSS 7.8, AI score 6.8, EPSS 0.01888
Exploits 1, References 2

Prion
added 2020/10/06 7:15 p.m., 13 views

Directory traversal

In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a .data suffix and which are accompanied by a JSON file with the .meta suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of...

CVSS 4, AI score 3.8, EPSS 0.01471
Exploits 0, References 4, Affected Software 1

Microsoft CVE
added 2020/09/08 7:0 a.m., 47 views

Visual Studio JSON Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

CVSS 9.3, AI score 2.4, EPSS 0.05365
Exploits 0

Veracode
added 2020/08/06 9:35 p.m., 24 views

Arbitrary Code Execution

json-c is vulnerable to arbitrary code execution. The vulnerability exists through an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbufmemappend...

CVSS 7.8, AI score 5.5, EPSS 0.01888
Exploits 1, References 18, Affected Software 2

Tenable Nessus
added 2020/07/02 12:0 a.m., 23 views

Amazon Linux AMI : json-c (ALAS-2020-1381)

The version of json-c installed on the remote host is prior to 0.11-7.8. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1381 advisory. json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbufmemappend...

CVSS 7.8, AI score 6.8, EPSS 0.01888
Exploits 1, References 3

Amazon
added 2020/06/26 12:0 a.m., 34 views

Medium: json-c

Issue Overview: json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbufmemappend. CVE-2020-12762 Affected Packages: json-c Issue Correction: Run yum update json-c or yum update --advisory ALAS-2020-1381 to update your system. New...

CVSS 7.8, AI score 7.4, EPSS 0.01888
Exploits 1

Mageia
added 2020/05/29 9:18 p.m., 63 views

Updated json-c packages fix security vulnerability

Updated json-c package fixes security vulnerabilities: It was discovered that json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbufmemappend CVE-2020-12762...

CVSS 7.8, AI score 3.8, EPSS 0.01888
Exploits 1, References 2

Tenable Nessus
added 2020/05/26 12:0 a.m., 17 views

EulerOS 2.0 SP8 : json-c (EulerOS-SA-2020-1582)

According to the version of the json-c packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbufmemappend. CVE-2020-12762 Note...

CVSS 7.8, AI score 6.8, EPSS 0.01888
Exploits 1, References 2

Tenable Nessus
added 2020/05/15 12:0 a.m., 52 views

FreeBSD : json-c -- integer overflow and out-of-bounds write via a large JSON file (abc3ef37-95d4-11ea-9004-25fadb81abf4)

Tobias Stockmann reports : I have discovered a way to trigger an out of boundary write while parsing a huge json file through a malicious input source. It can be triggered if an attacker has control over the input stream or if a huge load during filesystem operations can be triggered. C Tenable...

CVSS 7.8, AI score 6.7, EPSS 0.01888
Exploits 1, References 4