88 matches found
co.actioniq:scalavro-core_2.10 (=0.6.3-c3b519ae67902e6e94aab5b6635744250534e0d0), co.actioniq:scalavro_2.10 (=0.6.3-c3b519ae67902e6e94aab5b6635744250534e0d0) +210 more potentially affected by CVE-2018-18855 via io.spray:spray-json_2.10 (>=1.2.5 <=1.3.4)
io.spray:spray-json_2.10 MAVEN version =1.2.5, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.3 and more Source cves: CVE-2018-18855 Source advisory: OSV:GHSA-WW3V-6XJF-JV28...
com.github.fommil:spray-json-shapeless_2.12.0-RC2 (=1.3.0), com.typesafe.akka:akka-http-spray-json-experimental_2.12.0-RC2 (=2.4.11) +1 more potentially affected by CVE-2018-18855 via io.spray:spray-json_2.12.0-RC2 (=1.3.2)
io.spray:spray-json_2.12.0-RC2 MAVEN version =1.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on io.spray:spray-json_2.12.0-RC2 and may be impacted: - com.github.fommil:spray-json-shapeless_2.12.0-RC2 =1.3.0 -...
rubygem-json: Unsafe object creation vulnerability in JSON
A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269...
cc.akkaha:pea-dubbo_2.12 (>=0.1.5 <=0.2.0), cc.akkaha:pea_2.12 (>=0.1.0 <=0.2.0) +43 more potentially affected by CVE-2018-21234 via org.jodd:jodd-json (>=3.6.6 <=5.0.3)
org.jodd:jodd-json MAVEN version =3.6.6, =0.1.5, =0.1.0, =0.4.0, =1.0.3, =1.0.3, =1.0.3, =1.0.3, =1.0.3, =1.0.3, =1.0.3, =1.0.3, =1.2.1 and more Source cves: CVE-2018-21234 Source advisory: OSV:GHSA-JRG3-QQ99-35G7...
ruby:2.5 security, bug fix, and enhancement update
An update is available for rubygem-bson, rubygem-mysql2, rubygem-bundler, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
CVE-2021-30468
A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior ...
CVE-2021-31875
In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the significance of this finding because "there isn’t...
mysql: Server: JSON unspecified vulnerability (CPU Jul 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: JSON. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...
mysql: Server: JSON unspecified vulnerability (CPU Jul 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: JSON. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...
CVE-2020-24355
Zyxel VMG5313-B30B router on firmware 5.13ABCJ.6b31127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with elevated privileges. This is done by changing "FirstIndex" field in JSON that is POST-ed during accoun...
Command Injection
json is vulnerable to command injection. The vulnerability exists because it does not sufficiently filter the lookup string argument to the function parseLookup, allowing an attacker to pass malicious commands through it...
Sophos VPN Web Panel 2020 - Denial of Service Exploit
Exploit Title: Sophos VPN Web Panel 2020 - Denial of Service Poc Exploit Author: Berk KIRAS Vendor Homepage: https://www.sophos.com/ Version:2020 Web Panel Tested on: Apache Berk KIRAS PwC - Cyber Security Specialist Sophos VPN Web Portal Denial of Service Vulnerability System parse JSON data. If...
UBUNTU-CVE-2020-14624
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: JSON. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks ...
Command Injection
json is vulnerable to command injection. The vulnerability exists due to the usage of eval in the parseString function of json.js, allowing a malicious user to inject malicious commands through it...
Moderate: Red Hat Security Advisory: pcs security and bug fix update
An update for pcs is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...
SUSE-SU-2020:0995-1 Security update for ruby2.5
This update for ruby2.5 to version 2.5.8 fixes the following issues: - CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON bsc1167244. - CVE-2020-10933: Heap exposure vulnerability in the socket library bsc1168938...
ai.deepsense:seahorse-executor-commons_2.11 (>=1.4.2 <=1.4.3), ai.deepsense:seahorse-executor-deeplang_2.11 (>=1.4.2 <=1.4.3) +505 more potentially affected by CVE-2018-18853 via io.spray:spray-json_2.11 (>=1.2.6 <=1.3.4)
io.spray:spray-json_2.11 MAVEN version =1.2.6, =1.4.2, =1.4.2, =1.4.2, =1.4.2, =1.4, =1.0, =0.1.3, =0.1.14, =1.0.0, =0.1.0, =0.5.0, =0.11.1, =0.15.2, =0.5.0, =0.0.8, =0.0.12 and more Source cves: CVE-2018-18853 Source advisory: OSV:GHSA-F94M-MQHR-MC29...
ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), be.cetic:rts-gen_2.12 (>=0.1.3 <=0.1.13) +382 more potentially affected by CVE-2018-18853 via io.spray:spray-json_2.12 (>=1.3.2 <=1.3.4)
io.spray:spray-json_2.12 MAVEN version =1.3.2, =0.3.0, =0.1.3, =0.1.14, =0.11.1, =0.15.2, =0.2.0, =0.0.82.12, =1.23.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0-RC8 - com.chudsaviet.gradle.avrohugger:com.chudsaviet.gradle.avrohugger.gradle.plugin =0.2.4 - com.cra.figaro:figaro2.12 =5.0.0.0 and more Source...
ai.deepsense:seahorse-executor-commons_2.11 (>=1.4.2 <=1.4.3), ai.deepsense:seahorse-executor-deeplang_2.11 (>=1.4.2 <=1.4.3) +505 more potentially affected by CVE-2018-18854 via io.spray:spray-json_2.11 (>=1.2.6 <=1.3.4)
io.spray:spray-json_2.11 MAVEN version =1.2.6, =1.4.2, =1.4.2, =1.4.2, =1.4.2, =1.4, =1.0, =0.1.3, =0.1.14, =1.0.0, =0.1.0, =0.5.0, =0.11.1, =0.15.2, =0.5.0, =0.0.8, =0.0.12 and more Source cves: CVE-2018-18854 Source advisory: OSV:GHSA-Q8XJ-8XG3-W432...
co.actioniq:scalavro-core_2.10 (=0.6.3-c3b519ae67902e6e94aab5b6635744250534e0d0), co.actioniq:scalavro_2.10 (=0.6.3-c3b519ae67902e6e94aab5b6635744250534e0d0) +210 more potentially affected by CVE-2018-18854 via io.spray:spray-json_2.10 (>=1.2.5 <=1.3.4)
io.spray:spray-json_2.10 MAVEN version =1.2.5, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.3 and more Source cves: CVE-2018-18854 Source advisory: OSV:GHSA-Q8XJ-8XG3-W432...