Fedora: Security Advisory for golang-github-krishicks-yaml-patch (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Calabrio Teleopti WFM 安全漏洞

Calabrio Teleopti WFM is an enterprise workforce management system from Calabrio USA. providing everything needed to effectively manage employees, forecast demand, automate schedule creation, develop accurate and insightful reports, and improve overall customer service operations. A security...

BitTorrent uTorrent 安全漏洞

BitTorrent uTorrent is a suite of BitTorrent client software written in C++ by the American company BitTorrent. A security vulnerability exists in BitTorrent uTorrent that stems from some unknown functionality of the component JSON RPC server. A remote attacker could exploit the vulnerability to...

CVE-2022-32511

jmespath.rb aka JMESPath for Ruby before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable...

DEBIAN-CVE-2022-32511

jmespath.rb aka JMESPath for Ruby before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable...

编号撤回

Tidwall Gjson is a Go-based code library for interacting with json formatted data. a denial of service vulnerability exists in Tidwall Gjson version 1.9.2 and prior. An attacker could exploit this vulnerability to cause a denial of service of the application via specially crafted JSON input...

CVE-2022-29814

In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible...

CVE-2021-44355

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability...

MingSoft MCMS 访问控制错误漏洞

MingSoft Mcms is a complete open source J2ee system from MingSoft. MCMS 5.2.5 and previous versions have a security vulnerability that originates from net.mingsoft.basic.action.web.EditorActioneditor missing for json data The vulnerability can be exploited for remote code execution...

CVE-2021-44393

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44402

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44377

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetImage param is not object. An attacker can send an HTTP request to trigger this vulnerability...

Reolink Rlc-410W 输入验证错误漏洞

Reolink Rlc-410W is a Wifi security camera from Reolink China.A denial of service vulnerability exists in Reolink RLC-410W in version v3.0.0.13620121102, which stems from the JSON parsing function of cgiserver.cgi not doing the correct handling of incoming error messages. An attacker could use th...

nodejs-json-schema: Prototype pollution vulnerability

The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code...

CVE-2021-33728

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this...

PT-2021-7265 · Unknown +9 · Json-Schema +9

Name of the Vulnerable Software and Affected Versions: json-schema versions prior to 0.4.0 Description: The issue is related to the improper control of modification of object prototype attributes, also known as 'Prototype Pollution'. This can occur when processing JSON files, potentially allowing...

Phoenix Contact PLCnext Control Devices 输入验证错误漏洞

Phoenix Contact PLCnext Control Devices is a programmable logic controller for industrial environments from Phoenix Contact, Germany. An input validation error vulnerability exists in Phoenix Contact PLCnext Control Devices prior to version 2021.0.5LTS, which stems from the control device being...

Axios Systems Assyst 代码问题漏洞

Axios Systems Assyst is an off-the-shelf application from UK-based Axios Systems for managing IT services without the complexity and overhead associated with ITSM platforms such as ServiceNow and BMC Remedy. Axios Systems Assyst version 10 SP7.5 suffers from a security vulnerability that stems fr...

CVE-2021-23028

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall WAF/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests m...

CVE-2021-26605

An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication...