358 matches found
AZL-43618 CVE-2024-39684 affecting package opencc 1.1.1-3
Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer...
qemu-kvm: 'qemu-img info' leads to host file read/write
A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...
AZL-60091 CVE-2024-4467 affecting package qemu for versions less than 6.2.0-24
A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...
UBUNTU-CVE-2024-4467
A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...
LoLLMs Security Vulnerabilities
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs versions prior to 9.5, which stems from insufficient cleanup of the config parameter in the /applysettings function, allowing an attacker to manipulate...
CVE-2024-33664
python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...
The vulnerability of the “is-my-json-valid” library on the Node.js software platform allows a perpetrator to trigger a service failure.
The vulnerability of the Node.js software library “is-my-json-valid” relates to an inefficient regular expression used for checking JSON fields. This allows a malicious actor, operating remotely, to cause a service failure by sending a specially crafted JSON file...
Cross site scripting
IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data...
Code injection
An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt (JSON web token)...
PT-2023-30716 · Unknown · Websiteguide
Name of the Vulnerable Software and Affected Versions: WebsiteGuide version 0.2. Description: An issue with insecure permissions in WebsiteGuide allows a remote attacker to gain escalated privileges by using a crafted JSON web token (jwt). Recommendations: For WebsiteGuide version 0.2, consider...
CVE-2023-4883
Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogssbimessagefree function, which could cause a...
CVE-2022-45688 - A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data. Products Confirmed Not Affected: No Brocade Fibre Channel Product from Broadcom Products is known to be affected by this vulnerability...
CVE-2023-39685
An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string...
Design/Logic Flaw
An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string...
hjson-java Code Injection Vulnerability
hjson-java is Hjson's open source JSON/Java conversion library. A security vulnerability exists in versions prior to hjson-java v3.0.0 that stems from allowing an attacker to cause a denial of service (DoS) by supplying a crafted JSON string...
PT-2023-27072 · Unknown · Hjson-Java
Name of the Vulnerable Software and Affected Versions: hjson-java versions up to v3.0.0. Description: The issue allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string. This can lead to a StringIndexOutOfBoundsException. Recommendations: For hjson-java versions up to...
CVE-2023-31441
In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modifi...