DEBIAN-CVE-2024-4467

A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...

jettison: stack overflow in JSONObject() allows attackers to cause a Denial of Service (DoS) via crafted JSON data

A flaw was found in Jettison. Sending a specially crafted string can cause a stack-based buffer overflow. This issue may allow a remote attacker to cause a denial of service...

NETGEAR RAX30 安全漏洞

NETGEAR RAX30 is a dual-band wireless router from NETGEAR. A security vulnerability exists in NETGEAR RAX30 that originates from a buffer overflow vulnerability during JSON data processing...

cJSON 安全漏洞

cJSON is a lightweight open source JSON parser. A security vulnerability exists in cJSON version v1.7.17, which stems from the inclusion of a segmentation violation, and can be triggered by the second parameter of the cJSONSetValuestring function in cJSON.c. The vulnerability can be exploited by...

golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...

PT-2024-21427 · Vseeface · Vseeface

Name of the Vulnerable Software and Affected Versions: VSeeFace versions 1.13.38.c2 and earlier Description: The issue allows attackers to cause a denial of service, resulting in an application hang, via a spoofed UDP packet containing at least 10 digits in JSON data. Recommendations: For version...

USN-6713-1 qpdf vulnerability

It was discovered that QPDF incorrectly handled certain memory operations when decoding JSON files. If a user or automated system were tricked into processing a specially crafted JSON file, QPDF could be made to crash, resulting in a denial of service, or possibly execute arbitrary code...

jose Security Vulnerabilities

jose is a JavaScript module for signing and encrypting JSON objects. A security vulnerability exists in jose versions prior to 4.0.1, 3.0.3, and 2.6.3, which allows an attacker to send JWEs containing compressed data that uses a large amount of memory and CPU when decompressed via Decrypt or...

JSON-java: parser confusion leads to OOM

A flaw was found in the org.json package. A bug in the parser exists, and an input string may lead to undefined usage of memory, leading to an out-of-memory error, causing a denial of service DoS...

libfastjson: integer overflow and out-of-bounds write via a large JSON file

A flaw was found in json-c. In printbufmemappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Qualys API Best Practices: Web Application Scanning API

This API Best Practices Series is designed for Qualys customer programmers or stakeholders with a general knowledge of programming who want to implement best practices for improving the development, design, and performance of their programs that use the Qualys API. For non-customers, the Qualys A...

PYSEC-2023-196

vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version...

apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale

A flaw was found in Apache Johnzon. This issue could allow an attacker to craft a specific JSON input that Johnzon will deserialize into a BigDecimal, which Johnzon may use to start converting large numbers, resulting in a denial of service...

Important: tomcat

Issue Overview: A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could...

Hutool Security Vulnerabilities

Hutool is a small but complete Java tool library from the Chinese Dromara community. A security vulnerability exists in Hutool version v5.8.21, which stems from a buffer overflow vulnerability in the component JSONUtil.parse...

The vulnerability of the BigDecimal component in the Apache Johnzon JSON file processing software allows a attacker to cause a service failure.

The vulnerability of the BigDecimal component in the Apache Johnzon JSON processing software lies in the shortcomings of the deserialization mechanism when processing JSON files. Exploiting this vulnerability allows a malicious actor to cause service failures remotely...

PT-2023-6374 · Casaos · Casaos

Name of the Vulnerable Software and Affected Versions: CasaOS versions prior to 0.4.4 Description: Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication, allowing them to execute arbitrary commands as root on CasaOS instances. This issue is...

PrestaShop 安全漏洞

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts, and product image zoom and other features. A security vulnerability exists in PrestaShop Fast Access to Order Details 1.1.20 and earlier version...

jettison: parser crash by stackoverflow

A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input,...

jettison: memory exhaustion via user-supplied XML or JSON data

A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack...