421 matches found
[SECURITY] [DSA-2068-1] New python-cjson packages fix denial of service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2068-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano July 11, 2010 http://www.debian.org/security/faq -...
[SECURITY] [DSA-2068-1] New python-cjson packages fix denial of service
------------------------------------------------------------------------ Debian Security Advisory DSA-2068-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano July 11, 2010 http://www.debian.org/security/faq -...
DSA-2068-1 python-cjson - denial of service
Bulletin has no description...
Python-cjson Unicode字符编码缓冲区溢出漏洞
BUGTRAQ ID: 41279 CVE ID: CVE-2010-1666 python-cjson是Python使用的快速JSON编码/解码器模块。 在启用了UCS-4编码的情况下,远程攻击者可以通过向python-cjson模块的cjson.encode函数提交超长的Unicode输入触发缓冲区溢出,导致拒绝服务或完全入侵使用该模块的应用所在系统。 Dan Pascu python-cjson 1.0.5 厂商补丁: Dan Pascu --------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
CVE-2009-4924
Dan Pascu python-cjson 1.0.5 does not properly handle a '/' argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting XSS attacks involving Firefox and the end tag of a SCRIPT element...
PYSEC-2010-26
Dan Pascu python-cjson 1.0.5 does not properly handle a '/' argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting XSS attacks involving Firefox and the end tag of a SCRIPT element...
CVE-2009-4924
Dan Pascu python-cjson 1.0.5 does not properly handle a '/' argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting XSS attacks involving Firefox and the end tag of a SCRIPT element...
Cross site scripting
Dan Pascu python-cjson 1.0.5 does not properly handle a '/' argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting XSS attacks involving Firefox and the end tag of a SCRIPT element...
UBUNTU-CVE-2009-4924
Dan Pascu python-cjson 1.0.5 does not properly handle a '/' argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting XSS attacks involving Firefox and the end tag of a SCRIPT element...
PYSEC-2010-26
Dan Pascu python-cjson 1.0.5 does not properly handle a '/' argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting XSS attacks involving Firefox and the end tag of a SCRIPT element...
CVE-2010-1666
Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service application crash or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function...
CVE-2010-1666
Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service application crash or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function...
Buffer overflow
Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service application crash or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function...
CVE-2009-4924
Dan Pascu python-cjson 1.0.5 does not properly handle a '/' argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting XSS attacks involving Firefox and the end tag of a SCRIPT element...
PYSEC-2010-30
Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service application crash or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function...
CVE-2009-4924
The provided connected documents confirm that CVE-2009-4924 affects python-cjson 1.0.5, where an improper handling of the '/' argument to cjson.encode can enable certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element. The vulnerability is described consis...
CVE-2009-4924
Removed by vendor...
CVE-2010-1666
Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service application crash or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function...
CVE-2010-1666
Removed by vendor...
CVE-2010-1666
CVE-2010-1666 affects python-cjson 1.0.5 with UCS-4 encoding enabled. A buffer overflow in cjson.encode may allow a context-dependent attacker to trigger a denial of service (crash) or potentially other impact via crafted Unicode input. Public-visibility details in connected docs include: Fedora ...