Jettison 缓冲区错误漏洞

Jettison is jettison-json open source Jettison is a Java library . Jettison is a Java library that is used to convert XML to JSON with the help of StAX . Jettison v1.5.2 before the version of a security vulnerability , the vulnerability stems from a stack overflow , allowing an attacker to...

Prototype Pollution

fastest-json-copy is vulnerable to pollution prototype. The vulnerability exists because of missing validation of keys in v1.js allowing an attacker to add new values to the JavaScript object prototype, overwriting or contaminating the base object...

CVE-2022-43568 Reflected Cross-Site Scripting via the radio template in Splunk Enterprise

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation JSON in a query parameter when outputmode=radio...

PT-2022-26971 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.12 Splunk Enterprise versions prior to 8.2.9 Splunk Enterprise versions prior to 9.0.2 Description: The issue allows for a Reflected Cross Site Scripting via JavaScript Object Notation JSON in a query...

deep-parse-json 安全漏洞

deep-parse-json is a Javascript function for recursively parsing stringified json by Sibaprasad Maiti Personal Developer. A security vulnerability exists in deep-parse-json version 1.0.2, which stems from an application not properly validating incoming JSON keys...

Fluentd 代码问题漏洞

Fluentd is an open source log collector from Fluentd Open Source. Collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop, and more. Fluentd suffers from a security vulnerability. An attacker exploits the vulnerability to execute arbitrary code via a...

GHSA-X27M-9W8J-5VCW Jettison memory exhaustion

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack...

CVE-2022-37775

Genesys PureConnect Interaction Web Tools Chat Service up to at least 26- September- 2019 allows XSS within the Printable Chat History via the participant - name JSON POST parameter...

UBUNTU-CVE-2022-40150

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack...

morgan-json 安全漏洞

morgan-json is a variant of morgan.compile by Charlie Robbins, an American personal developer, which provides formatting functions that output JSON. A security vulnerability exists in all versions of morgan-json, which stems from a lack of sanitization of the input passed to the Function...

GLSA-202208-08 : Mozilla Firefox: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202208-08 Mozilla Firefox: Multiple Vulnerabilities - Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-1919 - regex...

VulnCheck KEV: CVE-2022-1529

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR...

Fedora: Security Advisory for golang-gopkg-square-jose-2 (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-5512-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5512-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...

Rhonabwy 安全漏洞

Rhonabwy is a Javascript Object Signing and Encryption JOSE library from the Canadian personal developer Nicolas Mora. A security vulnerability exists in Rhonabwy versions prior to v1.1.5, which stems from the discovery of a buffer overflow contained via the component rjweaesgcmkeyunwrap, which...

Rocky Linux 8 : firefox (RLSA-2022:5469)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5469 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and ...

SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:2279-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2279-1 advisory. - If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object...

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:2313-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2313-1 advisory. - If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes o...

Oracle Linux 9 : thunderbird (ELSA-2022-5482)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-5482 advisory. 91.11.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires...

Fedora: Security Advisory for golang-github-krishicks-yaml-patch (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...