421 matches found

OSV
added 2022/05/17 5:49 a.m. · 24 views

GHSA-CQMH-MPX2-G633 Improper Restriction of Operations within the Bounds of a Memory Buffer in python-cjson

Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function...

CVSS 6.9 · AI score 7 · EPSS 0.00692
Exploits 1 · References 6

NVD
added 2022/03/28 7:15 a.m. · 22 views

CVE-2022-25757

In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example,...

CVSS 9.8 · EPSS 0.00424
Exploits 0 · References 2

Prion
added 2022/03/28 7:15 a.m. · 14 views

Input validation

In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example,...

CVSS 6.8 · AI score 9.3 · EPSS 0.00424
Exploits 0 · References 2 · Affected Software 1

OSV
added 2021/12/06 6:17 p.m. · 17 views

GHSA-95JP-77W6-QJ52 Cross-site Scripting in python-cjson

Python-cjson 1.0.5 does not properly handle a '/' argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element...

CVSS 6.1 · AI score 5.5 · EPSS 0.00245
Exploits 0 · References 7

GitHub Security Blog
added 2021/12/06 6:17 p.m. · 25 views

Cross-site Scripting in python-cjson

Python-cjson 1.0.5 does not properly handle a '/' argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element...

CVSS 4.3 · AI score 3.5 · EPSS 0.00245
Exploits 0 · References 6 · Affected Software 1

RedHat Linux
added 2021/10/20 1:58 p.m. · 34 views

Important: Red Hat Security Advisory: redis:5 security update

An update for the redis:5 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 8.8 · AI score 6.7 · EPSS 0.02855
Exploits 0 · References 7

The Hacker News
added 2021/07/01 6:5 a.m. · 43 views

Microsoft Discloses Critical Bugs Allowing Takeover of NETGEAR Routers

Cybersecurity researchers have detailed critical security vulnerabilities affecting NETGEAR DGN2200v1 series routers, which they say could be reliably abused as a jumping-off point to compromise a network's security and gain unfettered access. The three HTTPd authentication security weaknesses CV...

AI score 0.2
Exploits 0

OSV
added 2019/07/19 5:15 p.m. · 15 views

CVE-2019-1010239

DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive function. The attack vector is: crafted json file. The fixed version is: 1.7...

CVSS 7.5 · AI score 6.9
Exploits 0 · References 3

NVD
added 2019/07/19 5:15 p.m. · 12 views

CVE-2019-1010239

DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive function. The attack vector is: crafted json file. The fixed version is: 1.7...

CVSS 7.5 · AI score 7.5 · EPSS 0.00658
Exploits 1 · References 3

OSV
added 2019/07/19 5:15 p.m. · 1 view

DEBIAN-CVE-2019-1010239

DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive function. The attack vector is: crafted json file. The fixed version is: 1.7...

CVSS 7.5 · AI score 9.1 · EPSS 0.00658
Exploits 1 · References 1

UbuntuCve
added 2019/07/19 5:15 p.m. · 14 views

CVE-2019-1010239

DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive function. The attack vector is: crafted json file. The fixed version is: 1.7...

CVSS 7.5 · AI score 7.1 · EPSS 0.00658
Exploits 1 · References 3

Prion
added 2019/07/19 5:15 p.m. · 19 views

Input validation

DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive function. The attack vector is: crafted json file. The fixed version is: 1.7...

CVSS 5 · AI score 7.6 · EPSS 0.00658
Exploits 1 · References 3 · Affected Software 2

CVE
added 2019/07/19 4:41 p.m. · 173 views

CVE-2019-1010239

CVE-2019-1010239 affects the cJSON project (cJSON 1.7.8) with an Improper Check for Unusual or Exceptional Conditions in the cJSON_GetObjectItemCaseSensitive() function. The vulnerability allows a crafted JSON file to trigger a NULL dereference, leading to denial of service. The fixed version is ...

CVSS 7.5 · AI score 7.6 · EPSS 0.00658
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2019/07/19 4:41 p.m. · 13 views

CVE-2019-1010239

DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive function. The attack vector is: crafted json file. The fixed version is: 1.7...

AI score 7.6 · EPSS 0.00658
Exploits 1 · References 3

Debian CVE
added 2019/07/19 4:41 p.m. · 17 views

CVE-2019-1010239

DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive function. The attack vector is: crafted json file. The fixed version is: 1.7...

CVSS 7.5 · AI score 7.7 · EPSS 0.00658
Exploits 1

Positive Technologies
added 2019/07/19 12:0 a.m. · 2 views

PT-2019-5668 · Dave Gamble · Cjson

Name of the Vulnerable Software and Affected Versions: DaveGamble/cJSON versions 1.7.8 Description: The issue is related to an improper check for unusual or exceptional conditions, which can lead to a null dereference. This can cause a denial of service when a crafted JSON file is used as an atta...

CVSS 7.8 · AI score 7.2 · EPSS 0.00658
Exploits 1 · References 9

OSV
added 2019/05/09 5:29 a.m. · 4 views

AZL-41111 CVE-2019-11834 affecting package libglvnd for versions less than 1.7.0-2

cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal...

CVSS 9.8 · AI score 7.3 · EPSS 0.00586
Exploits 1 · References 1

OSV
added 2019/05/09 5:29 a.m. · 4 views

AZL-41390 CVE-2019-11835 affecting package libglvnd for versions less than 1.7.0-2

cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments...

CVSS 9.8 · AI score 7.3 · EPSS 0.00633
Exploits 1 · References 1

OSV
added 2019/05/09 5:29 a.m. · 10 views

CVE-2019-11834

cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal...

CVSS 9.8 · AI score 7
Exploits 0 · References 4

OSV
added 2019/05/09 5:29 a.m. · 16 views

CVE-2019-11835

cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments...

CVSS 9.8 · AI score 7
Exploits 0 · References 4