302 matches found
PT-2021-21109 · Unknown · Fluent-Bit
Name of the Vulnerable Software and Affected Versions: Fluent Bit (aka fluent-bit) versions 1.7.0 through 1.7.4. Description: The issue is related to a double free in the flb_free function, which is called from flb_parser_json_do and flb_parser_do. Recommendations: For Fluent Bit (aka fluent-bit)...
UBUNTU-CVE-2021-31684
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request...
GitHub json-smart-v1 Buffer Error Vulnerability
GitHub json-smart-v1 is a GitHub open source application. Provides all non-indexed data in the data store as serialized JSON messages stored in the columns function. A security vulnerability exists in JSON Smart versions 1.3 and 2.4, which originates in the indexOf function of JSONParserByteArr...
Security Bulletin: Android Mobile SDK compile builder includes vulnerable components
Summary: A third-party JSON parser that the Android Mobile SDK uses includes vulnerable components. The JSON parser is included in the compile builder provided to customers to compile their Mobile SDK manifest. It is not included within customer apps. Vulnerability Details: CVEID: CVE-2018-7489...
CVE-2021-22973
On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds memory accesses or writes. Note: Software versions which have reached End of Software Development Eo...
Default credentials
On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds memory accesses or writes. Note: Software versions which have reached End of Software Development Eo...
CVE-2021-22973
CVE-2021-22973 affects F5 BIG-IP; the JSON parser function does not protect against out-of-bounds memory accesses or writes. Affected BIG-IP branches/versions include 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions. Root cause:...
F5 Networks BIG-IP : iRules LX vulnerability (K13323323)
The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.3 / 13.1.3.5 / 14.1.3.1 / 15.1.2 / 16.0.1.1. It is, therefore, affected by a vulnerability as referenced in the K13323323 advisory. - On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before...
[SECURITY] Fedora 32 Update: golang-github-buger-jsonparser-1.1.1-1.fc32
Alternative JSON parser for Go. It does not require you to know the structure of the payload (e.g. create structs), and allows accessing fields by providing the path to them. It is up to 10 times faster than the standard encoding/json package (depending on payload size and usage), allocates no memory...
Fedora: Security Advisory for golang-github-buger-jsonparser (FEDORA-2021-b670727349)
The remote host is missing an update for the...
Fedora: Security Advisory for golang-github-buger-jsonparser (FEDORA-2021-5676f1be7d)
The remote host is missing an update for the...
Arbitrary Code Execution
Fastjson is vulnerable to arbitrary code execution. A deserialization vulnerability exists within the JSON parser and allows the attacker to execute arbitrary code on the host OS...
The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.
...
OSV-2020-252 Global-buffer-overflow in json_tokener_parse_ex
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23619 Crash type: Global-buffer-overflow READ 4 Crash state: json_tokener_parse_ex tokener_parse_ex_fuzzer.cc...
Command Execution Vulnerability in Fastjson
Fastjson is an open source JSON parsing library. It can parse JSON format strings, supports serializing Java Beans to JSON strings, and can also deserialize JSON strings to JavaBeans. Fastjson has a command execution vulnerability that can be exploited by an attacker to gain server...
[SECURITY] Fedora 32 Update: golang-github-buger-jsonparser-0-0.9.20200406gitf7e751e.fc32
Alternative JSON parser for Go. It does not require you to know the structure of the payload (e.g. create structs), and allows accessing fields by providing the path to them. It is up to 10 times faster than the standard encoding/json package (depending on payload size and usage), allocates no memory...
The vulnerability of the _bsotype function in the BSON parsing software package allows a hacker to execute arbitrary code.
The vulnerability of the _bsotype function in the BSON parsing software package is related to errors during data deserialization. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Fedora: Security Advisory for golang-github-buger-jsonparser (FEDORA-2020-97e8a67945)
The remote host is missing an update for the...