
89 matches found

Positive Technologies
added 2021/10/22 12:0 a.m. · 3 views

PT-2021-23690 · Gjson +1

Name of the Vulnerable Software and Affected Versions: GJSON versions prior to 1.9.3. Description: The issue allows a ReDoS (regular expression denial of service) attack. GJSON is a Go package that provides a fast and simple way to get values from a JSON document. A maliciously crafted path can caus...

CVSS 7.5 · AI score 7.2 · EPSS 0.02246
Exploits 1 · References 21

OSV
added 2021/05/06 6:11 p.m. · 1 view

GHSA-3C6G-PVG8-GQW2 trentm/json vulnerable to command injection

This affects the package json before 10.0.0. It is possible to inject arbitrary commands using the parseLookup function...

CVSS 7.2 · AI score 7.1 · EPSS 0.03727
Exploits 1 · References 24

Positive Technologies
added 2020/08/30 12:0 a.m. · 5 views

PT-2020-19734 · Json

Name of the Vulnerable Software and Affected Versions: json versions prior to 10.0.0. Description: The issue allows for the injection of arbitrary commands using the parseLookup function. Recommendations: For versions prior to 10.0.0, update to version 10.0.0 or later to resolve the issue. As a...

CVSS 7.2 · AI score 8.5 · EPSS 0.03727
Exploits 1 · References 42

OpenVAS
added 2020/05/26 12:0 a.m. · 50 views

Huawei Data Communication: RCE Vulnerability in Jackson JSON library of Apache Struts2 (huawei-sa-20180228-01-struts)

Apache Struts2 released a remote code execution (RCE) vulnerability in S2-055 on the official website. This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright ...

CVSS 9.8 · AI score 9.6 · EPSS 0.37925
Exploits 7 · References 1

OSV
added 2020/05/09 6:15 p.m. · 2 views

DEBIAN-CVE-2020-12762

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend...

CVSS 7.8 · AI score 6.8 · EPSS 0.01888
Exploits 1 · References 1

OSV
added 2020/05/09 6:15 p.m. · 3 views

ALPINE-CVE-2020-12762

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend...

CVSS 7.8 · AI score 7.5 · EPSS 0.01888
Exploits 1 · References 1

BDU FSTEC
added 2019/12/03 12:0 a.m. · 5 views

The vulnerability of the JSON-lib library and the camel-xmljson component of the Java framework Apache Camel, which allows attackers to execute an XXE attack

The vulnerability of the JSON-lib library and the camel-xmljson component of the Java framework Apache Camel is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to perform an XXE attack remotely...

CVSS 7.8 · AI score 6.7 · EPSS 0.08463
Exploits 0 · References 14 · Affected Software 4

Japan Vulnerability Notes
added 2019/05/22 5:37 a.m. · 3 views

Apache Camel vulnerable to XML external entity injection (XXE)

Overview: Apache Camel provided by The Apache Software Foundation contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...

CVSS 7.5 · AI score 7.2 · EPSS 0.08463
Exploits 0 · References 6

Debian
added 2019/05/21 12:59 p.m. · 136 views

[SECURITY] [DLA 1798-1] jackson-databind security update

Package: jackson-databind · Version: 2.4.2-2+deb8u6 · CVE ID: CVE-2019-12086 · Debian Bug: 929177. A Polymorphic Typing issue was discovered in jackson-databind, a JSON library for Java. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint...

CVSS 7.5 · AI score 8.5 · EPSS 0.21949
Exploits 2

BDU FSTEC
added 2019/05/16 12:0 a.m. · 5 views

The vulnerability of the JSON-lib library used in REST plugins of the Apache Struts software framework allows attackers to induce a service failure.

The vulnerability of the JSON-Lib library used in Apache Struts’ REST framework programming platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

CVSS 7.8 · AI score 6.7 · EPSS 0.04889
Exploits 2 · References 4 · Affected Software 3

OSV
added 2019/05/09 5:29 a.m. · 3 views

DEBIAN-CVE-2019-11835

cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments...

CVSS 9.8 · AI score 8.6 · EPSS 0.02556
Exploits 1 · References 1

Tenable Nessus
added 2019/04/19 12:0 a.m. · 104 views

Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (Apr 2019 CPU)

According to its self-reported version number, the Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) installation running on the remote web server is 8.4 prior to 8.4.15.10, 15.x prior to 15.2.18.4, 16.x prior to 16.2.17.2, 17.x prior to 17.12.12.0, or 18.x prior to 18.8.8.0. It is...

CVSS 9.8 · AI score 8.1 · EPSS 0.94999
Exploits 16 · References 13

Tenable Nessus
added 2019/03/05 12:0 a.m. · 47 views

Debian DLA-1703-1 : jackson-databind security update

Several deserialization flaws were discovered in jackson-databind, a fast and powerful JSON library for Java, which could allow an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. For Debi...

CVSS 10 · AI score 7.7 · EPSS 0.12679
Exploits 0 · References 12

IBM Security Bulletins
added 2018/10/23 4:30 p.m. · 71 views

Security Bulletin: Multiple vulnerabilities affect IBM Rational Design Manager

Summary: Multiple security vulnerabilities affect Rational Rhapsody Design Manager (Rhapsody DM). Vulnerability Details: CVEID: CVE-2016-8739 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by XML External Entity (XXE) vulnerability in JAX-RS implementation...

CVSS 9.8 · AI score 1.5 · EPSS 0.37925
Exploits 7 · Affected Software 1

IBM Security Bulletins
added 2018/06/17 3:51 p.m. · 47 views

Security Bulletin: Multiple vulnerabilities has been identified in Jackson JSON library shipped with IBM Tivoli Netcool/OMNIbus Integrations Transport Module Common Integration Library (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489)

Summary: Jackson JSON library is shipped as a component of IBM Tivoli Netcool/OMNIbus Integrations Transport Module Common Integration Library. Information about security vulnerabilities affecting Jackson JSON library has been published. The Netcool/OMNIbus Transport Module Common Integration...

CVSS 9.8 · AI score 1.5 · EPSS 0.49727
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2018/06/16 10:5 p.m. · 46 views

Security Bulletin: IBM Security Guardium is affected by Open Source Apache Struts 2.5 Vulnerability (CVE-2017-7525 )

Summary: IBM Security Guardium is affected by Open Source Apache Struts 2.5 Vulnerability. IBM Security Guardium has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2017-7525 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system,...

CVSS 9.8 · AI score 0.8 · EPSS 0.37925
Exploits 7 · Affected Software 1

Huawei
added 2018/02/28 12:0 a.m. · 79 views

Security Advisory - Remote Code Execution Vulnerability in Jackson JSON library of Apache Struts2

Apache Struts2 released a remote code execution vulnerability in S2-055 on the official website. An attacker could perform a Remote Code Execution (RCE) attack with a malicious JSON packet. Vulnerability ID: HWPSIRT-2017-12002. This vulnerability has been assigned a Common Vulnerabilities a...

CVSS 9.8 · AI score 9.4 · EPSS 0.37925
Exploits 7 · Affected Software 4

Broadcom
added 2017/12/09 12:0 a.m. · 10 views

BSA-2018-588

Security Advisory ID: BSA-2018-588 · Component: Apache Struts2 · Revision: 2.0: Final. In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allows a DoS attack using a malicious request with a specially crafted JSON payload...

CVSS 6.2 · AI score 7 · EPSS 0.04889
Exploits 2

0day.today
added 2017/12/02 12:0 a.m. · 141 views

Apache Struts2 S2-055 DoS Vulnerability

Exploit for multiple platform in category dos / poc. Summary: Vulnerability in the Jackson JSON library. Who should read this: All Struts 2 developers and users who are using the REST plugin. Impact of vulnerability: Not clear, please read the linked issue for more details...

CVSS 7.5 · AI score 9.4 · EPSS 0.37925
Exploits 7

Debian
added 2017/09/05 8:17 p.m. · 40 views

[SECURITY] [DSA 3966-1] ruby2.3 security update

Debian Security Advisory DSA-3966-1 · https://www.debian.org/security/ · Moritz Muehlenhoff · September 05, 2017 · https://www.debian.org/security/faq ...

CVSS 9.8 · AI score 8.9 · EPSS 0.29442
Exploits 8