28 matches found
[SECURITY] Fedora 31 Update: json-c-0.13.1-12.fc31
JSON-C implements a reference counting object model that allows you to easily construct JSON objects in C, output them as JSON formatted strings and parse JSON formatted strings back into the C representation of JSON objects. It aims to conform to RFC 7159...
Foxit PhantomPDF HTML2PDF HTML Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
CVE-2017-16881
b3log Symphony aka Sym 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java,...
Security auditing tool for AWS: AWS Scout2
Scout2 is an open source tool that helps assessing the security posture of AWS environments. Using the AWS API, the Scout2 Python scripts fetch CloudTrail, EC2, IAM, RDS, and S3, configuration data. The gathered configuration is analysed and stored as JSON objects in several JavaScript files. The...
Denial Of Service (DoS)
node is vulnerable to denial of service. Improper processing of a V8 garbage collection from a V8 interrupt allows remote attackers to cause high memory consumption leading to a denial of service condition via deep JSON objects which allows the interrupt to mask an overflow of the program stack...
CVE-2014-5256
Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service memory corruption and application crash via deep JSON...
CVE-2014-5256
Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service memory corruption and application crash via deep JSON...
[SECURITY] Fedora 20 Update: json-c-0.11-6.fc20
JSON-C implements a reference counting object model that allows you to easi ly construct JSON objects in C, output them as JSON formatted strings and parse JSON formatted strings back into the C representation of JSON objects...