Fastjson Remote Code Execution Vulnerability (CNVD-2019-22238)

Fastjson is an open source JSON parsing library , it can parse JSON format strings , support for Java Bean serialized to JSON strings , you can also deserialize from JSON strings to JavaBean. Fastjson has a remote code execution vulnerability that can be exploited by an attacker via a carefully...

UBUNTU-CVE-2013-7285

Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON...

UBUNTU-CVE-2019-10691

The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username...

IBM API Connect Denial of Service Vulnerability (CNVD-2018-26026)

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing and securing APIs, microservices and more. A security vulnerability exists in IBM API Connect versions 2018.1 through 2018.3.7 that stems from th...

atomic-openshift: oc patch with json causes masterapi service crash

An out of bounds write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform 3.x. An attacker can use this flaw to cause a denial of service attack on the Openshift master API service which provides cluster management...

Foxit Reader and Foxit PhantomPDF for Windows Out-of-Bounds Read Vulnerability

Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Foxit Software Corporation.Foxit PhantomPDF for Windows is its commercial version. An out-of-bounds read vulnerability exists in the handling of JSON objects in Foxit Reader 9.2.0.9297 and earlier and Foxit...

TP-Link TL-WR886N Denial of Service Vulnerability (CNVD-2019-07049)

The TP-Link TL-WR886N is a wireless router product from China P&L TP-LINK. A security vulnerability exists in TP-Link TL-WR886N version 6.0 2.3.4 and 7.0 1.1.0. An attacker can exploit the vulnerability by sending a request with long JSON data to cause the router service to crash...

CVE-2018-17005

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services e.g., inetd, HTTP, DNS, and UPnP via long JSON data for firewall dmz enable...

PT-2018-16268 · Samsung · Samsung Smartthings Hub

Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17 Description: A buffer overflow issue exists in the credentials handler of the video-core's HTTP server. The video-core process incorrectly handles fields from a user-controlled JSON...

CVE-2018-3893

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflo...

CVE-2018-3903

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The memcpy call...

PT-2018-16295 · Samsung · Samsung Smartthings Hub

Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: The video-core process in the Samsung SmartThings Hub STH-ETH-250 device incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the...

Samsung SmartThings Hub video-core HTTP server buffer overflow vulnerability (CNVD-2018-14292)

Samsung SmartThings Hub is a smart home management device from Samsung, South Korea. video-core HTTP server is one of the HTTP servers. samsungWifiScan handler is one of the WiFi network discovery handlers. A buffer overflow vulnerability exists in the samsungWifiScan handler of the video-core HT...

infinispan: deserialization of data in XML and JSON transcoders

Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possibl...

CVE-2018-7904

Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management...

Mozilla Firefox JSON Viewer Script Injection Vulnerability

Mozilla Firefox browser Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. Mozilla Firefox suffers from a JSON Viewer script injection vulnerability. An attacker can use this vulnerability to run script code in the JSON Viewer context, which can be used to steal cooki...

PYSEC-2018-112

Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that leaks a path of the...

ALPINE-CVE-2018-5336

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth...

Multiple Dahua Product Access Validation Vulnerabilities

Dahua NVR50XX and so on are network hard disk camera products of China Dahua Dahua company. A security vulnerability exists in several Dahua products. The vulnerability can be exploited by an attacker to perform other operations by forging json messages...

Fortinet FortiOS Denial of Service Vulnerability (CNVD-2017-35607)

FortiOS is an intuitive operating system that lets you control all security and networking features of all FortiGates throughout your network. A denial of service vulnerability exists in Fortinet FortiOS. A remote authenticated user can cause the target web interface to be temporarily unavailable...