RLSA-2022:4769 Critical: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1. Security Fixes: Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution CVE-2022-1529 Mozilla: Prototype pollution in Top-Level Await implementati...

Critical: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the...

RHEL 8 : firefox (RHSA-2022:4768)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:4768 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the...

Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the...

编号撤回

Tidwall Gjson is a Go-based code library for interacting with json formatted data. a denial of service vulnerability exists in Tidwall Gjson version 1.9.2 and prior. An attacker could exploit this vulnerability to cause a denial of service of the application via specially crafted JSON input...

CVE-2022-29814

In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible...

CVE-2021-44355

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability...

MingSoft MCMS 访问控制错误漏洞

MingSoft Mcms is a complete open source J2ee system from MingSoft. MCMS 5.2.5 and previous versions have a security vulnerability that originates from net.mingsoft.basic.action.web.EditorActioneditor missing for json data The vulnerability can be exploited for remote code execution...

CVE-2021-44402

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44393

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44377

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetImage param is not object. An attacker can send an HTTP request to trigger this vulnerability...

Reolink Rlc-410W 输入验证错误漏洞

Reolink Rlc-410W is a Wifi security camera from Reolink China.A denial of service vulnerability exists in Reolink RLC-410W in version v3.0.0.13620121102, which stems from the JSON parsing function of cgiserver.cgi not doing the correct handling of incoming error messages. An attacker could use th...

nodejs-json-schema: Prototype pollution vulnerability

The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Ajax.NET Professional AjaxPro is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation...

CVE-2021-43853

Ajax.NET Professional AjaxPro is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation...

CVE-2021-43853

Ajax.NET Professional AjaxPro is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation...

CVE-2021-43853 Cross-Site Scripting in AjaxNetProfessional

Ajax.NET Professional AjaxPro is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation...

CVE-2021-43853

Ajax.NET Professional (AjaxPro) for Microsoft ASP.NET is affected by CVE-2021-43853 due to a JavaScript object injection vulnerability that arises during JSON input parsing, enabling cross-site scripting if a malicious actor supplies crafted data. All releases before 21.12.22.1 are affected. A re...