323 matches found
jettison: memory exhaustion via user-supplied XML or JSON data
A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack...
jettison: parser crash by stackoverflow
A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input,...
SUSE CVE-2022-45685
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service DoS via crafted JSON data...
CVE-2023-23856
In SAP BusinessObjects Business Intelligence Web Intelligence user interface - version 430, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On...
CVE-2022-45492
Buffer overflow vulnerability in function jsonparsenumber in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 November 14, 2022 allows attackers to code arbitrary code and gain escalated privileges...
jettison: parser crash by stackoverflow
A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input,...
jettison: memory exhaustion via user-supplied XML or JSON data
A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack...
jettison: parser crash by stackoverflow
A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input,...
jettison: parser crash by stackoverflow
A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input,...
jettison: memory exhaustion via user-supplied XML or JSON data
A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack...
jettison: parser crash by stackoverflow
A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input,...
Jettison 缓冲区错误漏洞
Jettison is jettison-json open source Jettison is a Java library . Jettison is a Java library that is used to convert XML to JSON with the help of StAX . Jettison v1.5.2 before the version of a security vulnerability , the vulnerability stems from a stack overflow , allowing an attacker to...
CVE-2022-43568 Reflected Cross-Site Scripting via the radio template in Splunk Enterprise
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation JSON in a query parameter when outputmode=radio...
PT-2022-26971 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.12 Splunk Enterprise versions prior to 8.2.9 Splunk Enterprise versions prior to 9.0.2 Description: The issue allows for a Reflected Cross Site Scripting via JavaScript Object Notation JSON in a query...
deep-parse-json 安全漏洞
deep-parse-json is a Javascript function for recursively parsing stringified json by Sibaprasad Maiti Personal Developer. A security vulnerability exists in deep-parse-json version 1.0.2, which stems from an application not properly validating incoming JSON keys...
Fluentd 代码问题漏洞
Fluentd is an open source log collector from Fluentd Open Source. Collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop, and more. Fluentd suffers from a security vulnerability. An attacker exploits the vulnerability to execute arbitrary code via a...
GHSA-X27M-9W8J-5VCW Jettison memory exhaustion
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack...
CVE-2022-37775
Genesys PureConnect Interaction Web Tools Chat Service up to at least 26- September- 2019 allows XSS within the Printable Chat History via the participant - name JSON POST parameter...
UBUNTU-CVE-2022-40150
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack...
morgan-json 安全漏洞
morgan-json is a variant of morgan.compile by Charlie Robbins, an American personal developer, which provides formatting functions that output JSON. A security vulnerability exists in all versions of morgan-json, which stems from a lack of sanitization of the input passed to the Function...