109 matches found
jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos
A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service...
dotnet: Parsing an empty HTTP response as a JSON.NET JObject causes a stack overflow and crashes a process
A vulnerability was found in dotnet. This flaw occurs when parsing an empty HTTP response as a JSON.NET JObject that causes a stack overflow and crashes a process...
dotnet: Parsing an empty HTTP response as a JSON.NET JObject causes a stack overflow and crashes a process
A vulnerability was found in dotnet. This flaw occurs when parsing an empty HTTP response as a JSON.NET JObject that causes a stack overflow and crashes a process...
CVE-2022-41714 fastest-json-copy 1.0.1 - Prototype Pollution
fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited...
Djiblets Cross-site scripting Vulnerability via JSON Objects
A cross-site scripting XSS vulnerability in util/templatetags/djbletsjs.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user...
Cross-site Scripting in jquery.json-viewer
The jquery.json-viewer library before version 1.5.0 for Node.js does not properly escape characters such as in a JSON object, as demonstrated by a SCRIPT element...
GHSA-QP2Q-6H9J-JG2R Cross-site Scripting in jquery.json-viewer
The jquery.json-viewer library before version 1.5.0 for Node.js does not properly escape characters such as in a JSON object, as demonstrated by a SCRIPT element...
CVE-2022-29080
The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value...
CVE-2021-21970
An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at 3 the jsonobjectgetstring to populate the pname global variable. The pname is only 0x80 bytes long, and the...
Cross site scripting
Ajax.NET Professional AjaxPro is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation...
CVE-2021-3918
The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code...
Melting-Cobalt - A Cobalt Strike Scanner That Retrieves Detected Team Server Beacons Into A JSON Object
A tool to hunt/mine for Cobalt Strike beacons and "reduce" their beacon configuration for later indexing. Hunts can either be expansive and internet wide using services like SecurityTrails, Shodan, or ZoomEye or a list of IP's. Getting started 1. Install melting-cobalt 2. Configure your tokens to...
Moderate: Red Hat Security Advisory: ruby:2.6 security, bug fix, and enhancement update
An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2020-28593
A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...
CVE-2020-28592
A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...
Heap overflow
A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...
Design/Logic Flaw
A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...
CVE-2020-28593
A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...
CVE-2020-28592
A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...
Cosori Smart 5.8-Quart Air Fryer CS158-AF configuration server code execution vulnerability
Summary A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...