421 matches found
AZL-41848 CVE-2018-1000216 affecting package libglvnd for versions less than 1.7.0-2
Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in the cJSON library that can result in a possible crash or RCE. This attack appears to be exploitable as follows: the attacker must be able to force the victim to print JSON data; depending on how the cJSON library is used this could...
CVE-2018-1000215
Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in the cJSON library that can result in Denial of Service (DoS). This attack appears to be exploitable as follows: if the attacker can force the data to be printed and the system is low on memory, it can force a leak of memory. This...
CVE-2018-1000217
Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in the cJSON library that can result in a possible crash, corruption of data or even RCE. Whether this attack is exploitable depends on how the application uses the cJSON library. If the application provides network...
CVE-2018-1000217
The CVE-2018-1000217 entry concerns the cJSON library (versions 1.7.3 and earlier) with CWE-416: Use After Free. The flaw can cause a crash, data corruption, or remote code execution, depending on how the application uses cJSON; exploitation over a network is possible if the application exposes a...
CVE-2018-1000216
Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in the cJSON library that can result in a possible crash or RCE. This attack appears to be exploitable as follows: the attacker must be able to force the victim to print JSON data; depending on how the cJSON library is used this could...
CVE-2018-1000216
The CVE-2018-1000216 entry concerns cJSON versions 1.7.2 and earlier, which contain a CWE-415 Double Free vulnerability. According to the connected documents, exploitation can lead to a crash or remote code execution, with the attack potentially achievable by forcing the victim to print JSON data...
CVE-2018-1000215
CVE-2018-1000215 affects the cJSON library (version ≤ 1.7.6). The root cause is a CWE-772 vulnerability that can cause a Denial of Service by memory leak when data is printed under low memory conditions. A fix exists in 1.7.7. Exploitation details in the documents indicate the issue could be trig...
PT-2018-9385 · Dave Gamble · Cjson
Name of the Vulnerable Software and Affected Versions: cJSON versions 1.7.3 and earlier. Description: The issue is related to a Use After Free problem in the cJSON library, which can lead to a crash, data corruption, or even Remote Code Execution (RCE). The exploitability depends on how the...
PT-2018-9383 · Dave Gamble · Cjson
Name of the Vulnerable Software and Affected Versions: cJSON versions 1.7.6 and earlier. Description: The issue in the cJSON library can result in Denial of Service (DoS) and potentially force a memory leak if the system is in low memory and the attacker can force the data to be printed...
PT-2018-9384 · Dave Gamble · Cjson
Name of the Vulnerable Software and Affected Versions: cJSON versions 1.7.2 and earlier. Description: The issue is related to a Double Free vulnerability in the cJSON library, which can result in a possible crash or Remote Code Execution (RCE). This can be exploited if an attacker can force the vict...
Insteon Hub PubNub "cc" Channel Message Handler Multiple Global Overflow Code Execution Vulnerabilities (CVE-2017-16338 ~ CVE-2017-16347)
Summary: Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a buffer overflow on a global section overwriting arbitrary data...
Fedora 25 : python-cjson (2017-7803508155)
This update prevents python-cjson from crashing when attempting to parse heavily nested JSON structures which could be exploited for denial of service purposes, against any application that uses python-cjson to parse arbitrary input. Note that Tenable Network Security has extracted the preceding...
Fedora 24 : python-cjson (2017-abbfa3f1a9)
This update prevents python-cjson from crashing when attempting to parse heavily nested JSON structures which could be exploited for denial of service purposes, against any application that uses python-cjson to parse arbitrary input. Note that Tenable Network Security has extracted the preceding...
[SECURITY] Fedora 25 Update: python-cjson-1.1.0-9.fc25
This module implements a very fast JSON encoder/decoder for Python. JSON stands for JavaScript Object Notation and is a text based lightweight data exchange format which is easy for humans to read/write and for machines to parse/generate. JSON is completely language independent and has multiple...
Fedora Update for python-cjson FEDORA-2017-7803508155
The remote host is missing an update for the...
Fedora Update for python-cjson FEDORA-2017-abbfa3f1a9
The remote host is missing an update for the...