
Cvelist, added 2022/03/08 12:00 a.m., 35 views

CVE-2022-24282

A vulnerability has been identified in SINEC NMS All versions = V1.0.3 V2.0, SINEC NMS All versions V1.0.3, SINEMA Server V14 All versions. The affected system allows uploading JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the...

CVSS 7.2, AI score 7.3, EPSS 0.01344
Exploits 0, References 1
OSV, added 2021/12/20 10:15 p.m., 27 views

CVE-2021-43843

jsx-slack is a package for building JSON objects for Slack Block Kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient for protection from a Regular Expression Denial of Service (ReDoS) attack. If an attacker can put a lot of JSX elements int...

CVSS 7.5, AI score 7.1
Exploits 0, References 4
OSV, added 2021/12/17 7:15 p.m., 11 views

CVE-2021-43838

jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If an attacker can put a lot of JSX elements into tag, an internal regular expression for escaping character...

CVSS 7.5, AI score 7.5
Exploits 0, References 2
Debian CVE, added 2021/12/07 9:08 p.m., 28 views

CVE-2021-42717

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worke...

CVSS 7.5, AI score 7.8, EPSS 0.03206
Exploits 2
Huntr, added 2021/05/23 12:12 p.m., 5 views

Exposure of Sensitive Information to an Unauthorized Actor in tl-its-umich-edu/my-learning-analytics

✍️ Description
Django secret key is exposed in the Dockerfile. This is used to sign JSON objects, create hashes and generate CSRF tokens.
🕵️‍♂️ Proof of Concept
https://stackoverflow.com/questions/15170637/effects-of-changing-djangos-secret-key/15383766?noredirect=1comment2174349415383766
💥...

AI score 7.1
Exploits 0, References 1
Huntr, added 2021/05/12 1:29 p.m., 12 views

in cythron/tweango

✍️ Description
Django secret key is pushed into a GitHub repository. This is used to sign JSON objects, create hashes and generate CSRF tokens.
🕵️‍♂️ Proof of Concept
https://stackoverflow.com/questions/15170637/effects-of-changing-djangos-secret-key/15383766?noredirect=1comment2174349415383766
💥...

Exploits 0, References 1
OSV, added 2021/04/14 8:04 p.m., 21 views

GO-2021-0059 Panic due to improper input validation in Get in github.com/tidwall/gjson

Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector...

CVSS 7.5, AI score 7.3, EPSS 0.01662
Exploits 1, References 2
OSV, added 2021/04/14 8:04 p.m., 22 views

GO-2021-0057 Panic due to improper input validation in github.com/buger/jsonparser

Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector...

CVSS 7.8, AI score 7.2, EPSS 0.02291
Exploits 1, References 3
Securelist, added 2020/10/15 10:00 a.m., 79 views

IAmTheKing and the SlothfulMedia malware family

On October 1, 2020, the DHS CISA agency released information about a malware family called SlothfulMedia, which they attribute to a sophisticated threat actor. We have been tracking this set of activity through our private reporting service, and we would like to provide the community with...

AI score 0.6
Exploits 0
Fedora, added 2020/05/26 3:20 a.m., 26 views

[SECURITY] Fedora 31 Update: json-c-0.13.1-12.fc31

JSON-C implements a reference counting object model that allows you to easily construct JSON objects in C, output them as JSON formatted strings and parse JSON formatted strings back into the C representation of JSON objects. It aims to conform to RFC 7159...

CVSS 7.8, AI score 7.8, EPSS 0.01888
Exploits 1
Zero Day Initiative, added 2018/10/11 12:00 a.m., 26 views

Foxit PhantomPDF HTML2PDF HTML Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 7.8, AI score 3, EPSS 0.03855
Exploits 0, References 1
OSV, added 2017/11/18 1:29 p.m., 3 views

CVE-2017-16881

b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java,...

CVSS 6.1, AI score 5.8
Exploits 0, References 1
n0where, added 2015/01/19 7:53 a.m., 17 views

Security auditing tool for AWS: AWS Scout2

Scout2 is an open source tool that helps assess the security posture of AWS environments. Using the AWS API, the Scout2 Python scripts fetch CloudTrail, EC2, IAM, RDS, and S3 configuration data. The gathered configuration is analysed and stored as JSON objects in several JavaScript files. The...

AI score 0.9
Exploits 0, References 1
Veracode, added 2014/09/23 1:51 p.m., 33 views

Denial Of Service (DoS)

node is vulnerable to denial of service. Improper processing of a V8 garbage collection from a V8 interrupt allows remote attackers to cause high memory consumption leading to a denial of service condition via deep JSON objects which allows the interrupt to mask an overflow of the program stack...

CVSS 5, AI score 6, EPSS 0.03261
Exploits 1, References 6, Affected Software 2
NVD, added 2014/09/05 5:55 p.m., 28 views

CVE-2014-5256

Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON...

CVSS 5, AI score 8.7, EPSS 0.03261
Exploits 1, References 6
Debian CVE, added 2014/09/05 5:00 p.m., 32 views

CVE-2014-5256

Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON...

CVSS 5, AI score 6.5, EPSS 0.03261
Exploits 1
Fedora, added 2014/04/17 6:04 a.m., 27 views

[SECURITY] Fedora 20 Update: json-c-0.11-6.fc20

JSON-C implements a reference counting object model that allows you to easily construct JSON objects in C, output them as JSON formatted strings and parse JSON formatted strings back into the C representation of JSON objects...

CVSS 5, AI score 2.7, EPSS 0.04474
Exploits 1