944 matches found
OESA-2022-2153 samba security update
Security Fixes: Invalid free in ASN.1 codec...
Jettison Buffer Error Vulnerability
Jettison is an open source Java library from jettison-json that is used to convert XML to JSON with the help of StAX. Versions of Jettison before v1.5.2 have a security vulnerability that stems from a stack overflow, allowing an attacker to...
Heimdal Security Vulnerability
Heimdal is an open source Kerberos implementation and security program from Heimdal. The Heimdal KDC has a security vulnerability that stems from an invalid free in the ASN.1 codec; an attacker can use the vulnerability, using Kerberos authentication, to simulate a client or service to...
CVE-2022-43568 Reflected Cross-Site Scripting via the radio template in Splunk Enterprise
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query parameter when outputmode=radio...
PT-2022-26971 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.12; Splunk Enterprise versions prior to 8.2.9; Splunk Enterprise versions prior to 9.0.2. Description: The issue allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query...
deep-parse-json Security Vulnerability
deep-parse-json is a JavaScript function for recursively parsing stringified JSON by individual developer Sibaprasad Maiti. A security vulnerability exists in deep-parse-json version 1.0.2, which stems from an application not properly validating incoming JSON keys...
Fluentd Code Issue Vulnerability
Fluentd is an open source log collector from Fluentd Open Source. It collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop, and more. Fluentd suffers from a security vulnerability. An attacker exploits the vulnerability to execute arbitrary code via a...
Stack-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow when it parses scientific notation numbers present in JSON. Remediation: A fix was pushed into the master branch but not yet published. References: GitHub Commit. Credit: Kevin Stubbings...
CVE-2022-23462 Stack Buffer Overflow in iowow
IOWOW is a C utility library and persistent key/value storage engine. Versions 1.4.15 and prior contain a stack buffer overflow vulnerability that allows for Denial of Service (DoS) when it parses scientific notation numbers present in JSON. A patch for this issue is available at commit...
DEBIAN-CVE-2022-3433
The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service...
GHSA-X27M-9W8J-5VCW Jettison memory exhaustion
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by running out of memory. This effect may support a denial of service attack...
CVE-2022-37775
Genesys PureConnect Interaction Web Tools Chat Service up to at least 26-September-2019 allows XSS within the Printable Chat History via the participant - name JSON POST parameter...
UBUNTU-CVE-2022-40150
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by running out of memory. This effect may support a denial of service attack...
morgan-json Security Vulnerability
morgan-json is a variant of morgan.compile by Charlie Robbins, an American individual developer, which provides formatting functions that output JSON. A security vulnerability exists in all versions of morgan-json, which stems from a lack of sanitization of the input passed to the Function...
Fedora: Security Advisory for golang-github-krishicks-yaml-patch (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the...
UBUNTU-CVE-2022-34476
ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox 102...
Calabrio Teleopti WFM Security Vulnerability
Calabrio Teleopti WFM is an enterprise workforce management system from Calabrio USA, providing everything needed to effectively manage employees, forecast demand, automate schedule creation, develop accurate and insightful reports, and improve overall customer service operations. A security...
Mozilla Firefox Input Validation Error Vulnerability
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to an input validation error that stems from a lack of ASN.1 parsing restrictions on error formats. An attacker could exploit this vulnerability to compromise the affected system...
BitTorrent uTorrent Security Vulnerability
BitTorrent uTorrent is a suite of BitTorrent client software written in C++ by the American company BitTorrent. A security vulnerability exists in BitTorrent uTorrent that stems from some unknown functionality of the component JSON RPC server. A remote attacker could exploit the vulnerability to...