Lucene search
+L

109 matches found

RedHat Linux
RedHat Linux
added 2023/01/31 1:18 p.m.6 views

jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos

A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service...

7.5CVSS7.4AI score0.01395EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2023/01/11 4:48 p.m.5 views

dotnet: Parsing an empty HTTP response as a JSON.NET JObject causes a stack overflow and crashes a process

A vulnerability was found in dotnet. This flaw occurs when parsing an empty HTTP response as a JSON.NET JObject that causes a stack overflow and crashes a process...

7.5CVSS5.8AI score0.0274EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/01/11 4:41 p.m.6 views

dotnet: Parsing an empty HTTP response as a JSON.NET JObject causes a stack overflow and crashes a process

A vulnerability was found in dotnet. This flaw occurs when parsing an empty HTTP response as a JSON.NET JObject that causes a stack overflow and crashes a process...

7.5CVSS5.8AI score0.0274EPSS
Exploits0References5
OSV
OSV
added 2022/11/03 12:0 a.m.17 views

CVE-2022-41714 fastest-json-copy 1.0.1 - Prototype Pollution

fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the 'proto' property to be edited...

5.3CVSS6.1AI score0.00615EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/05/17 3:50 a.m.30 views

Djiblets Cross-site scripting Vulnerability via JSON Objects

A cross-site scripting XSS vulnerability in util/templatetags/djbletsjs.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user...

4.3CVSS5.6AI score0.02392EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/05 12:0 a.m.24 views

Cross-site Scripting in jquery.json-viewer

The jquery.json-viewer library before version 1.5.0 for Node.js does not properly escape characters such as in a JSON object, as demonstrated by a SCRIPT element...

6.1CVSS6.1AI score0.00684EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/05 12:0 a.m.19 views

GHSA-QP2Q-6H9J-JG2R Cross-site Scripting in jquery.json-viewer

The jquery.json-viewer library before version 1.5.0 for Node.js does not properly escape characters such as in a JSON object, as demonstrated by a SCRIPT element...

6.1CVSS6.1AI score0.00684EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/04/12 5:15 a.m.2 views

CVE-2022-29080

The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value...

9.8CVSS7.2AI score0.02324EPSS
Exploits1References3
OSV
OSV
added 2022/02/04 11:15 p.m.3 views

CVE-2021-21970

An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at 3 the jsonobjectgetstring to populate the pname global variable. The pname is only 0x80 bytes long, and the...

8.1CVSS6AI score0.0089EPSS
Exploits1References1
Prion
Prion
added 2021/12/22 9:15 p.m.14 views

Cross site scripting

Ajax.NET Professional AjaxPro is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation...

3.5CVSS5.3AI score0.00824EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2021/11/18 6:1 p.m.64 views

CVE-2021-3918

The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code...

9.8CVSS9.2AI score0.03563EPSS
Exploits1References3
Kitploit
Kitploit
added 2021/11/01 11:30 a.m.31 views

Melting-Cobalt - A Cobalt Strike Scanner That Retrieves Detected Team Server Beacons Into A JSON Object

A tool to hunt/mine for Cobalt Strike beacons and "reduce" their beacon configuration for later indexing. Hunts can either be expansive and internet wide using services like SecurityTrails, Shodan, or ZoomEye or a list of IP's. Getting started 1. Install melting-cobalt 2. Configure your tokens to...

7.2AI score
Exploits0References9
RedHat Linux
RedHat Linux
added 2021/06/29 4:10 p.m.84 views

Moderate: Red Hat Security Advisory: ruby:2.6 security, bug fix, and enhancement update

An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.1CVSS6.9AI score0.06811EPSS
Exploits2References12
NVD
NVD
added 2021/04/15 2:15 p.m.23 views

CVE-2020-28593

A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...

8.1CVSS0.01875EPSS
Exploits1References1
NVD
NVD
added 2021/04/15 2:15 p.m.17 views

CVE-2020-28592

A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...

9.8CVSS0.02545EPSS
Exploits1References1
Prion
Prion
added 2021/04/15 2:15 p.m.16 views

Heap overflow

A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...

7.5CVSS9.8AI score0.02545EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/04/15 2:15 p.m.10 views

Design/Logic Flaw

A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...

6.8CVSS8.2AI score0.01875EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/04/15 1:41 p.m.20 views

CVE-2020-28593

A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...

8.1CVSS8.2AI score0.01875EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/04/15 1:40 p.m.20 views

CVE-2020-28592

A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...

8.1CVSS9.9AI score0.02545EPSS
Exploits1References1
Talos
Talos
added 2021/04/15 12:0 a.m.21 views

Cosori Smart 5.8-Quart Air Fryer CS158-AF configuration server code execution vulnerability

Summary A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...

9.8CVSS9.4AI score0.02545EPSS
Exploits1
Rows per page
Query Builder