
123 matches found

Vulnrichment
added 2023/02/10 10:3 p.m. | 6 views

CVE-2023-25560 JSON Injection in DataHub

DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be...

CVSS 8.2 | AI score 9.3 | EPSS 0.00631
Exploits: 0 | References: 1
Cvelist
added 2023/02/10 10:3 p.m. | 31 views

CVE-2023-25560 JSON Injection in DataHub

DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be...

CVSS 8.2 | AI score 9.9 | EPSS 0.00631
Exploits: 0 | References: 1
Veracode
added 2022/12/14 9:59 a.m. | 37 views

Denial Of Service (DoS)

org.codehaus.jettison:jettison is vulnerable to denial of service (DoS) attacks. A remote attacker is able to cause a stack overflow via injecting crafted JSON data, resulting in denial of service conditions...

CVSS 7.5 | AI score 7.3 | EPSS 0.01395
Exploits: 1 | References: 4 | Affected Software: 2
IBM Security Bulletins
added 2022/03/09 7:10 p.m. | 60 views

Security Bulletin: IBM DataPower Gateway permits reflected JSON injection (CVE-2021-38910)

Summary: IBM has addressed the CVE. Vulnerability Details: CVEID: CVE-2021-38910. DESCRIPTION: IBM DataPower Gateway could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this...

CVSS 5.3 | AI score 5.2 | EPSS 0.01076
Exploits: 0 | Affected Software: 3
Tenable Nessus
added 2021/12/21 12:0 a.m. | 33 views

openSUSE 15 Security Update : netdata (openSUSE-SU-2021:1603-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1603-1 advisory. - An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data i...

CVSS 7.5 | AI score 6.6 | EPSS 0.02172
Exploits: 3 | References: 12
Github Security Blog
added 2021/12/13 9:33 p.m. | 32 views

Uncaught Exception in mercurius

Impact: Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. Patches: The vulnerability has been fixed in https://github.com/mercurius-js/mercurius/pull/678 and shipped as v8.11.2...

CVSS 7.5 | AI score 1.1 | EPSS 0.01522
Exploits: 0 | References: 5 | Affected Software: 1
CVE
added 2021/09/15 5:15 p.m. | 67 views

CVE-2021-39205

CVE-2021-39205 affects Jitsi Meet up to version 2.0.6173. The issue is a client-side cross-site scripting vulnerability caused by injecting properties into JSON objects that were not properly escaped. Impact is described as a potential for script execution in the browser context of the user, with...

CVSS 6.8 | AI score 5.9 | EPSS 0.01187
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2021/03/16 4:17 p.m. | 52 views

CVE-2020-28899

The CVE-2020-28899 entry concerns ZyXEL LTE4506-M606 devices (V1.00(ABDO.2)C0) where the Web CGI Script at /cgi-bin/gui.cgi does not require authentication. This allows remote, unauthenticated attackers to access all router features, including changing the admin password, retrieving the Wi‑Fi pas...

CVSS 9.1 | AI score 9.2 | EPSS 0.01632
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2020/01/21 9:5 p.m. | 77 views

CVE-2020-7594

The CVE-2020-7594 entry concerns MultiTech Conduit MTCDT-LVW2-24XX devices (version 1.4.17-ocea-13592). The vulnerability arises from allowing remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the inte...

CVSS 9 | AI score 7.2 | EPSS 0.02491
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2019/12/17 6:15 p.m. | 6 views

CVE-2014-8179

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation...

CVSS 7.5 | AI score 7.4
Exploits: 0 | References: 7
NVD
added 2019/06/18 4:15 p.m. | 18 views

CVE-2018-18836

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c...

CVSS 6.5 | AI score 6.5 | EPSS 0.01962
Exploits: 1 | References: 5
OSV
added 2019/06/18 4:15 p.m. | 2 views

DEBIAN-CVE-2018-18836

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c...

CVSS 6.5 | AI score 7.4 | EPSS 0.01962
Exploits: 1 | References: 1
OSV
added 2019/06/18 4:15 p.m. | 14 views

CVE-2018-18836

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c...

CVSS 6.5 | AI score 7
Exploits: 0 | References: 5
UbuntuCve
added 2019/06/18 4:15 p.m. | 21 views

CVE-2018-18836

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c...

CVSS 6.5 | AI score 6.9 | EPSS 0.01962
Exploits: 1 | References: 7
OSV
added 2019/06/18 4:15 p.m. | 2 views

UBUNTU-CVE-2018-18836

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c...

CVSS 6.5 | AI score 6.9 | EPSS 0.01962
Exploits: 1 | References: 8
Prion
added 2019/06/18 4:15 p.m. | 27 views

Code injection

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c...

CVSS 4.3 | AI score 6.5 | EPSS 0.01962
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2019/06/18 3:13 p.m. | 21 views

CVE-2018-18836

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c...

AI score 6.9 | EPSS 0.01962
Exploits: 1 | References: 5
CVE
added 2019/06/18 3:13 p.m. | 176 views

CVE-2018-18836

Netdata CVE-2018-18836 is a JSON injection vulnerability in Netdata 1.10.0 via api/v1/data tqx parameter (web_client_api_request_v1_data in web/api/web_api_v1.c). Connected advisories indicate fixes in later Netdata releases (e.g., update to 1.31.0 per OpenSUSE/OpenSUSE-SU-2021-1603-1 and related...

CVSS 6.5 | AI score 6.8 | EPSS 0.01962
Exploits: 1 | References: 5 | Affected Software: 1
Debian CVE
added 2019/06/18 3:13 p.m. | 16 views

CVE-2018-18836

An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c...

CVSS 6.5 | AI score 7.1 | EPSS 0.01962
Exploits: 1
Veracode
added 2019/05/06 8:35 a.m. | 9 views

Cross-site Scripting (XSS)

preact is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as it was possible to inject virtual-dom nodes through JSON injection...

AI score 5.7
Exploits: 0