26 matches found
Astra Linux - уязвимость в libjettison-java
An infinite recursion occurs in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This results in a StackOverflowError exception being thrown...
CVE-2026-35168
OpenSTAManager before version 2.10.2 exposes a vulnerability in the Aggiornamenti module (op=risolvi-conflitti-database). It accepts a JSON array of SQL statements via POST and executes them directly on the MySQL database without validation, allowlists, or sanitization, enabling an authenticated ...
Argo CD 安全漏洞
Argo CD is an Argo open source declarative GitOps continuous delivery tool for Kubernetes. A security vulnerability exists in Argo CD that stems from not checking the length of JSON arrays, which could lead to a denial-of-service attack. The following versions are affected: versions 2.9.0-rc1...
Bash Profile Persistence
This module writes an execution trigger to the target's Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. Verified on Ubuntu 22.04 and 18.04 desktop with Gnome Module Options msf use exploit/linux/persistence/bashprofile msf...
USN-7729-1: KDE PIM vulnerabilities
Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk discovered that the KMail application of KDE PIM could be made to leak the plaintext of S/MIME encrypted emails when retrieving external content in emails. Und...
Claude Desktop Installed (Windows)
Binary data claudedesktopwininstalled.nbin...
Linux Distros Unpatched Vulnerability : CVE-2018-19871
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. CVE-2018-19871 Note that Nessus relies on the presence of the...
OESA-2023-1966 jettison security update
Jettison is a collection of Java APIs like STaX and DOM which read and write JSON. This allows nearly transparent enablement of JSON based web services in services frameworks like CXF or XML serialization frameworks like XStream. Security Fixes: An infinite recursion is triggered in Jettison when...
OESA-2023-1964 jettison security update
Jettison is a collection of Java APIs like STaX and DOM which read and write JSON. This allows nearly transparent enablement of JSON based web services in services frameworks like CXF or XML serialization frameworks like XStream. Security Fixes: An infinite recursion is triggered in Jettison when...
jettison: Uncontrolled Recursion in JSONArray
A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...
jettison: Uncontrolled Recursion in JSONArray
A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...
OSV-2023-742 Security exception in org.json.JSONArray.writeTo
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61747 Crash type: Security exception Crash state: org.json.JSONArray.writeTo org.json.JSONStringer.value org.json.JSONStringer.peek...
jettison: Uncontrolled Recursion in JSONArray
A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...
jettison: Uncontrolled Recursion in JSONArray
A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...
jettison: Uncontrolled Recursion in JSONArray
A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown...
ManageEngine ADManager Plus Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADManager Plus ChangePasswordAction Authenticated Command Injection', 'Description' = %q ManageEngine ADManager Plus prior to build...
UBUNTU-CVE-2023-1436
An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown...
OESA-2023-1174 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In bindertransactionbufferrelease of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...
Reolink RLC-410W cgiserver.cgi command parser denial of service vulnerability
Summary A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested...
CVE-2021-44839
An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other account using the account ID. Using the /listes/DTsendmaildata/admutilisateur/send-mail.json endpoint, a user can send a JSON array with user IDs that will have their passwords reset and new ones sent ...