CVE-2020-28899

The CVE-2020-28899 entry concerns ZyXEL LTE4506-M606 devices (V1.00(ABDO.2)C0) where the Web CGI Script at /cgi-bin/gui.cgi does not require authentication. This allows remote, unauthenticated attackers to access all router features, including changing the admin password, retrieving the Wi‑Fi pas...

CVE-2020-7594

The CVE-2020-7594 entry concerns MultiTech Conduit MTCDT-LVW2-24XX devices (version 1.4.17-ocea-13592). The vulnerability arises from allowing remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the inte...

CVE-2014-8179

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation...

CVE-2018-18836

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of webclientapirequestv1data in web/api/webapiv1.c...

DEBIAN-CVE-2018-18836

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of webclientapirequestv1data in web/api/webapiv1.c...

CVE-2018-18836

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of webclientapirequestv1data in web/api/webapiv1.c...

Code injection

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of webclientapirequestv1data in web/api/webapiv1.c...

UBUNTU-CVE-2018-18836

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of webclientapirequestv1data in web/api/webapiv1.c...

CVE-2018-18836

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of webclientapirequestv1data in web/api/webapiv1.c...

CVE-2018-18836

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of webclientapirequestv1data in web/api/webapiv1.c...

CVE-2018-18836

Netdata CVE-2018-18836 is a JSON injection vulnerability in Netdata 1.10.0 via api/v1/data tqx parameter (web_client_api_request_v1_data in web/api/web_api_v1.c). Connected advisories indicate fixes in later Netdata releases (e.g., update to 1.31.0 per OpenSUSE/OpenSUSE-SU-2021-1603-1 and related...

CVE-2018-18836

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of webclientapirequestv1data in web/api/webapiv1.c...

Cross-site Scripting (XSS)

preact is vulnerable to cross-site scripting XSS attacks. The vulnerability exists as it was possible to inject virtual-dom nodes through JSON injection...

PT-2019-9644 · Netdata +4 · Netdata +4

Name of the Vulnerable Software and Affected Versions: Netdata version 1.10.0 Description: An issue exists in the software due to JSON injection via the "api/v1/data" endpoint, specifically through the tqx parameter. This is caused by the web client api request v1 data function in web/api/web api...

CVE-2018-3879

An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in...

Sql injection

An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in...

CVE-2018-3879

An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in...

CVE-2018-3879

An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in...

CVE-2018-3879

CVE-2018-3879 describes a JSON injection in Samsung SmartThings Hub video-core’s credentials handler that leads to a SQL injection in the SQLite database. Affected device: Samsung SmartThings Hub STH-ETH-250 with firmware 0.20.17. Root cause: the video-core HTTP server parses user-controlled JSON...

PT-2018-16272 · Samsung · Samsung Smartthings Hub

Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: A JSON injection issue exists in the credentials handler of the video-core's HTTP server, allowing an attacker to send HTTP requests that trigger this issue. The video-core...