123 matches found
CVE-2023-25560 JSON Injection in DataHub
DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be...
Denial Of Service (DoS)
org.codehaus.jettison:jettison is vulnerable to denial-of-service (DoS) attacks. A remote attacker is able to cause a stack overflow by injecting crafted JSON data, resulting in denial-of-service conditions...
Security Bulletin: IBM DataPower Gateway permits reflected JSON injection (CVE-2021-38910)
Summary: IBM has addressed the CVE. Vulnerability Details: CVEID: CVE-2021-38910. DESCRIPTION: IBM DataPower Gateway could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this...
openSUSE 15 Security Update : netdata (openSUSE-SU-2021:1603-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1603-1 advisory. - An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data i...
Uncaught Exception in mercurius
Impact: Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. Patches: The vulnerability has been fixed in https://github.com/mercurius-js/mercurius/pull/678 and shipped as v8.11.2...
CVE-2021-39205
CVE-2021-39205 affects Jitsi Meet up to version 2.0.6173. The issue is a client-side cross-site scripting vulnerability caused by injecting properties into JSON objects that were not properly escaped. Impact is described as a potential for script execution in the browser context of the user, with...
CVE-2020-28899
The CVE-2020-28899 entry concerns ZyXEL LTE4506-M606 devices (V1.00(ABDO.2)C0) where the Web CGI Script at /cgi-bin/gui.cgi does not require authentication. This allows remote, unauthenticated attackers to access all router features, including changing the admin password, retrieving the Wi‑Fi pas...
CVE-2020-7594
The CVE-2020-7594 entry concerns MultiTech Conduit MTCDT-LVW2-24XX devices (version 1.4.17-ocea-13592). The vulnerability arises from allowing remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the inte...
CVE-2014-8179
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation...
CVE-2018-18836
An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c...
DEBIAN-CVE-2018-18836
An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c...
UBUNTU-CVE-2018-18836
An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c...
Code injection
An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c...
CVE-2018-18836
Netdata CVE-2018-18836 is a JSON injection vulnerability in Netdata 1.10.0 via api/v1/data tqx parameter (web_client_api_request_v1_data in web/api/web_api_v1.c). Connected advisories indicate fixes in later Netdata releases (e.g., update to 1.31.0 per OpenSUSE/OpenSUSE-SU-2021-1603-1 and related...
Cross-site Scripting (XSS)
preact is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists because it was possible to inject virtual-dom nodes through JSON injection...