358 matches found
CVE-2022-45685
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service DoS via crafted JSON data...
UBUNTU-CVE-2022-45685
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service DoS via crafted JSON data...
PT-2022-27618 · Atlassian +3 · Bitbucket Server +5
Name of the Vulnerable Software and Affected Versions: Jettison versions prior to 1.5.2 Bitbucket Data Center and Server versions 7.17.0 through 8.12.0 Description: A stack overflow in Jettison allows attackers to cause a Denial of Service DoS via crafted JSON data. This issue has a high impact o...
CVE-2022-45690
A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data...
Hutool 缓冲区错误漏洞
Hutool is a small but complete Java tool library for the Chinese Dromara community. A security vulnerability exists in Hutool version v5.8.10, which originates from a stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component, allowing an attacker to cause a denial of servic...
CVE-2022-45685
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service DoS via crafted JSON data...
CVE-2022-45685
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service DoS via crafted JSON data...
hutool-json stack overflow vulnerability
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data...
CVE-2022-45045
Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated...
CVE-2022-45045
The CVE-2022-45045 issue affects Xiongmai NVR models such as MBD6304T (V4.02.R11.00000117.10001.131900.00000) and NBD6808T-PL (V4.02.R11.C7431119.12001.130000.00000). It allows an authenticated attacker to execute arbitrary OS commands as root by supplying a crafted JSON during an upgrade request...
GHSA-C9GM-7RFJ-8W5H Duplicate Advisory: ReDoS via crafted JSON input in GJSON
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-ppj4-34rq-v8j9. This link is maintained to preserve external references. Original Description GJSON = 1.9.2 allows attackers to cause a redos via crafted JSON input...
Input validation
GJSON = 1.9.2 allows attackers to cause a redos via crafted JSON input...
CVE-2018-17937
gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs...
CVE-2021-38910
IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID:...
GHSA-P8P6-RCP6-4MRM Uncontrolled Recursion in Play Framework
In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents...
GHSA-RF3M-MHV7-X39F Denial of Service in OpenShift Origin
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service master process crash via crafted JSON data...
Denial Of Service (DoS)
github.com/tidwall/gjson is vulnerable to denial of service DoS attacks. The vulnerability exists due to improper handling of long running matches in 'parseObject' in 'gjson.go' allowing a malicious user cause an application crash via a crafted json input...
PT-2021-23565 · Gjson · Gjson
Name of the Vulnerable Software and Affected Versions: GJSON versions 1.9.2 and earlier GJSON version 1.9.3 is not affected, but versions prior to 1.9.3 are vulnerable, so the correct consolidation is: GJSON versions prior to 1.9.3 Description: The issue allows attackers to cause a ReDoS regular...
CVE-2021-22008
The vCenter Server contains an information disclosure vulnerability in VAPI vCenter API service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending a specially crafted json-rpc message to gain access to sensitive information...
CVE-2019-12086
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...