45 matches found
PT-2025-3806
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 134; Firefox ESR versions prior to 128.6; Thunderbird versions prior to 134; Thunderbird versions prior to 128.6. Description: Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment...
Security update for nodejs18
This update for nodejs18 fixes the following issues: CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency (bsc1233856). Update to 18.20.5: esm: mark import attributes and JSON module as stable; deps: upgrade npm to 10.8.2, update simdutf to 5.6.0, update brotli to 1.1.0...
DEBIAN-CVE-2024-5629
An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory...
PT-2023-7218 · Zabbix
Name of the Vulnerable Software and Affected Versions: Zabbix (affected versions not specified). Description: The issue is related to a buffer overflow in the zabbix/src/libs/zbxjson module when parsing JSON files via the zbx_json_open function. This can potentially allow a remote attacker to execut...
CVE-2022-47937 Multiple parsing problems in the Apache Sling Commons JSON module
Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers are encouraged to conside...
Drupal security vulnerability
Drupal is an open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal that results from improper access restrictions in the program's JSON:API module. A remote user could bypass the implemented security restrictions and gain...
Fortinet FortiManager code injection vulnerability
Fortinet FortiManager is a centralized network security management platform from Fortinet, Inc. The platform supports centralized management of any number of Fortinet devices and can group devices into different management domains (ADOM) to further simplify multi-device security deployment and...
CVE-2016-20001
The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...
Vulnerability of the Server component: The Oracle MySQL Server, a database management system, allows attackers to trigger service interruptions.
The vulnerability of the Oracle MySQL Server component of the database management system’s JSON module is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to cause service interruptions using the MySQL protocol...
EulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)
According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttl...
DEBIAN-CVE-2018-13863
The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString function is called to parse a long untrusted string...
Updated ruby packages fix security vulnerabilities
If a malicious format string which contains a precision specifier is passed and a huge minus value is also passed to the specifier, a buffer underrun may be caused. In such a situation, the result may contain heap, or the Ruby interpreter may crash (CVE-2017-0898). If a malicious string is passed to th...
ALPINE-CVE-2014-4616
Array index error in the scanstring function in the json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function...
CVE-2014-4616
CVE-2014-4616 affects Python’s json implementation: the scanstring function in the _json module (and in simplejson prior to 2.6.1) has an array index error that can be triggered by a negative idx in raw_decode. Affected: Python 2.7–3.5 and simplejson
CVE-2014-4616
Array index error in the scanstring function in the json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function...
Python priority denial of service vulnerability
Python is a suite of open source, object-oriented programming languages from the Python Software Foundation. json is one of the modules that provides a lightweight format for exchanging data. priority is one of the modules used to implement ordering. A denial of service vulnerability exists in...
Scientific Linux Security Update : python on 7.x i686/x86_64 (2015:2101)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2015:2101-1 advisory. The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service memory...
Moderate: Red Hat Security Advisory: python security, bug fix, and enhancement update
Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which gi...
python: missing boundary check in JSON module
A flaw was found in the way the json module handled a negative index argument passed to certain functions such as raw_decode. An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory...
USN-2653-1 python2.7, python3.2, python3.4 vulnerabilities
It was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service (CVE-2013-1752). It was discovered that the Python xmlrpc library did not...