GHSA-P2XQ-VCM7-XJJ6 Stack Overflow in Apache Mesos

When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters...

Code injection

Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service resource consumption because of Algorithmic Complexity during the parsing of many JSON object fields with keys that have the same hash code...

Dave Gamble cJSON Denial of Service Vulnerability

Dave Gamble cJSON is a lightweight JSON format parser . A security vulnerability exists in the cJSON library in Dave Gamble cJSON 1.7.6 and earlier versions. An attacker can exploit this vulnerability to cause a denial of service memory leak...

Hashicorp Consul Remote Command Execution via Services API

This module exploits Hashicorp Consul's services API to gain remote command execution on Consul nodes. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hashicorp Consul Remote Command Execution...

Monero: Stack Overflow in JSON RPC Server

Summary: There is a stack overflow bug in jsonparser when parsing nesting objects. Description: Monero's json parser handled by epee libraries doesn't check object tree depth while parsing Steps To Reproduce: Up the service bash monerod run bash python2 poc.py backtrace SUMMARY: AddressSanitizer:...

CppCMS Denial of Service Vulnerability

CppCMS is a free , mainly using C + + language development of the Web rapid development framework . JSON parser is one of the JSON parser module . A security vulnerability exists in the JSON parser module in CppCMS versions before 1.2.1. An attacker can exploit this vulnerability to cause a denia...

CVE-2018-11367

An issue was discovered in CppCMS before 1.2.1. There is a denial of service in the JSON parser module...

Design/Logic Flaw

An issue was discovered in CppCMS before 1.2.1. There is a denial of service in the JSON parser module...

CVE-2018-11367

An issue was discovered in CppCMS before 1.2.1. There is a denial of service in the JSON parser module...

CVE-2018-11367

An issue was discovered in CppCMS before 1.2.1. There is a denial of service in the JSON parser module...

CVE-2018-11367

CppCMS prior to 1.2.1 contains a denial-of-service vulnerability in the JSON parser module. Affected component: the JSON parser in CppCMS; affected versions are those before 1.2.1. The issue is documented across multiple sources (e.g., CVE-2018-11367). Practical impact is DoS via crafted JSON inp...

GitStack Unsanitized Argument RCE

This module exploits a remote code execution vulnerability that exists in GitStack through v2.3.10, caused by an unsanitized argument being passed to an exec function call. This module has been tested on GitStack v2.3.10. This module requires Metasploit: https://metasploit.com/download Current...

[SECURITY] Fedora 27 Update: erlang-jiffy-0.14.13-1.fc27

A JSON parser for Erlang implemented as a NIF...

[SECURITY] Fedora 26 Update: erlang-jiffy-0.14.13-1.fc26

A JSON parser for Erlang implemented as a NIF...

Apache CouchDB Remote Code Execution Vulnerability

Exploit for multiple platform in category remote exploits Description Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access...

Apache CouchDB 1.x < 1.7.0, 2.x < 2.1.1 Multiple Vulnerabilities - Windows

Apache CouchDB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb"; ifdescripti...

Apache CouchDB 1.x < 1.7.0, 2.x < 2.1.1 Multiple Vulnerabilities - Linux

Apache CouchDB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb"; ifdescripti...

[ASA-201711-24] couchdb: multiple issues

Arch Linux Security Advisory ASA-201711-24 ========================================== Severity: High Date : 2017-11-16 CVE-ID : CVE-2017-12635 CVE-2017-12636 Package : couchdb Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-495 Summary ======= The package couchdb...

Design/Logic Flaw

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...

UBUNTU-CVE-2017-12635

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...