
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Sep 2018 — JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y. • https://github.com/tunnuz/json/issues/11 • CWE-125: Out-of-bounds Read

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Jun 2018 — Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in decryption of AES-GCM encrypted JSON Web Tokens that can result in an attacker forging an authentication tag. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in 1.9.4 and later. • https://github.com/nov/json-jwt/pull/62 • CWE-347: Improper Verification of Cryptographic Signature

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Mar 2018 — brianleroux tiny-json-http, all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 (Oct 29 2016), contains a missing SSL certificate validation vulnerability that affects the library's core functionality and exposes the user to man-in-the-middle attacks. • https://github.com/ossf-cve-benchmark/CVE-2018-1000096 • CWE-295: Improper Certificate Validation

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Feb 2016 — The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string. • https://github.com/mafintosh/is-my-json-valid/commit/eca4beb21e61877d76fdf6bea771f72f39544d9b • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 2% • CPEs: 1 • EXPL: 2

22 Jun 2015 — The extractFrom function in Internals/QuotedString.cpp in Arduino JSON before 4.5 allows remote attackers to cause a denial of service (crash) via a JSON string with a \ (backslash) followed by a terminator, as demonstrated by "\\\0", which triggers a buffer overflow and over-read. • http://www.openwall.com/lists/oss-security/2015/06/16/6 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 1% • CPEs: 2 • EXPL: 1

17 Apr 2014 — Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors. JSON-C implements a reference counting object model that allows you to easily construct JSON objects in C, output them as JSON-formatted strings, and parse JSON-formatted strings back into the C represe... • http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

17 Apr 2014 — The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. JSON-C implements a reference counting object model that allows you to easily construct JSON objects in C, output them as JSON-forma... • http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131845.html • CWE-310: Cryptographic Issues