PT-2024-21427 · Vseeface · Vseeface
Name of the Vulnerable Software and Affected Versions: VSeeFace versions 1.13.38.c2 and earlier Description: The issue allows attackers to cause a denial of service, resulting in an application hang, via a spoofed UDP packet containing at least 10 digits in JSON data. Recommendations: For version...
USN-6713-1 qpdf vulnerability
It was discovered that QPDF incorrectly handled certain memory operations when decoding JSON files. If a user or automated system were tricked into processing a specially crafted JSON file, QPDF could be made to crash, resulting in a denial of service, or possibly execute arbitrary code...
jose Security Vulnerabilities
jose is a JavaScript module for signing and encrypting JSON objects. A security vulnerability exists in jose versions prior to 4.0.1, 3.0.3, and 2.6.3, which allows an attacker to send JWEs containing compressed data that uses a large amount of memory and CPU when decompressed via Decrypt or...
JSON-java: parser confusion leads to OOM
A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service DoS...
libfastjson: integer overflow and out-of-bounds write via a large JSON file
A flaw was found in json-c. In printbuf_memappend, certain crafted values can overflow the memory, allowing an attacker to write past the memory boundary. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
Qualys API Best Practices: Web Application Scanning API
This API Best Practices Series is designed for Qualys customer programmers or stakeholders with a general knowledge of programming who want to implement best practices for improving the development, design, and performance of their programs that use the Qualys API. For non-customers, the Qualys A...
PYSEC-2023-196
vantage6 is privacy-preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issues, as the default serialization module. All users of vantage6 that post tasks with the default serialization are affected. Version...
apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale
A flaw was found in Apache Johnzon. This issue could allow an attacker to craft a specific JSON input that Johnzon will deserialize into a BigDecimal, which Johnzon may use to start converting large numbers, resulting in a denial of service...
Important: tomcat
Issue Overview: A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could...
Hutool Security Vulnerabilities
Hutool is a small but complete Java tool library from the Chinese Dromara community. A security vulnerability exists in Hutool version v5.8.21, which stems from a buffer overflow vulnerability in the component JSONUtil.parse...
PT-2023-6374 · Casaos · Casaos
Name of the Vulnerable Software and Affected Versions: CasaOS versions prior to 0.4.4 Description: Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication, allowing them to execute arbitrary commands as root on CasaOS instances. This issue is...
PrestaShop Security Vulnerabilities
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts, and product image zoom and other features. A security vulnerability exists in PrestaShop Fast Access to Order Details 1.1.20 and earlier version...
jettison: parser crash by stackoverflow
A stack-based buffer overflow vulnerability was found in Jettison, where parsing untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input,...
jettison: memory exhaustion via user-supplied XML or JSON data
A vulnerability was found in Jettison, where parsing untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack...
json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit on the nesting of such arrays or objects. Since nested arrays and objects are parsed...
tomcat: JsonErrorReportValve injection
A flaw was found in the Tomcat package. This flaw allowed users to input an invalid JSON structure, causing unwanted behavior as it did not escape the type, message, or description values...
DEBIAN-CVE-2023-1436
An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown...