deep-parse-json 安全漏洞

deep-parse-json is a Javascript function for recursively parsing stringified json by Sibaprasad Maiti Personal Developer. A security vulnerability exists in deep-parse-json version 1.0.2, which stems from an application not properly validating incoming JSON keys...

Fluentd 代码问题漏洞

Fluentd is an open source log collector from Fluentd Open Source. Collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop, and more. Fluentd suffers from a security vulnerability. An attacker exploits the vulnerability to execute arbitrary code via a...

GHSA-X27M-9W8J-5VCW Jettison memory exhaustion

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack...

CVE-2022-37775

Genesys PureConnect Interaction Web Tools Chat Service up to at least 26- September- 2019 allows XSS within the Printable Chat History via the participant - name JSON POST parameter...

UBUNTU-CVE-2022-40150

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack...

The vulnerability of the Xstream Java library for converting objects to XML or JSON format allows a malicious actor to cause a service failure due to uncontrolled resource consumption.

The vulnerability of the Xstream library for converting objects into XML or JSON format involves an uncontrolled resource consumption. Exploiting this vulnerability may allow a malicious actor to cause service failures remotely...

morgan-json 安全漏洞

morgan-json is a variant of morgan.compile by Charlie Robbins, an American personal developer, which provides formatting functions that output JSON. A security vulnerability exists in all versions of morgan-json, which stems from a lack of sanitization of the input passed to the Function...

Fedora: Security Advisory for golang-github-krishicks-yaml-patch (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Calabrio Teleopti WFM 安全漏洞

Calabrio Teleopti WFM is an enterprise workforce management system from Calabrio USA. providing everything needed to effectively manage employees, forecast demand, automate schedule creation, develop accurate and insightful reports, and improve overall customer service operations. A security...

BitTorrent uTorrent 安全漏洞

BitTorrent uTorrent is a suite of BitTorrent client software written in C++ by the American company BitTorrent. A security vulnerability exists in BitTorrent uTorrent that stems from some unknown functionality of the component JSON RPC server. A remote attacker could exploit the vulnerability to...

CVE-2022-32511

jmespath.rb aka JMESPath for Ruby before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable...

DEBIAN-CVE-2022-32511

jmespath.rb aka JMESPath for Ruby before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable...

编号撤回

Tidwall Gjson is a Go-based code library for interacting with json formatted data. a denial of service vulnerability exists in Tidwall Gjson version 1.9.2 and prior. An attacker could exploit this vulnerability to cause a denial of service of the application via specially crafted JSON input...

CVE-2022-29814

In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible...

CVE-2021-44355

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability...

MingSoft MCMS 访问控制错误漏洞

MingSoft Mcms is a complete open source J2ee system from MingSoft. MCMS 5.2.5 and previous versions have a security vulnerability that originates from net.mingsoft.basic.action.web.EditorActioneditor missing for json data The vulnerability can be exploited for remote code execution...

CVE-2021-44402

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44393

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44377

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetImage param is not object. An attacker can send an HTTP request to trigger this vulnerability...

Reolink Rlc-410W 输入验证错误漏洞

Reolink Rlc-410W is a Wifi security camera from Reolink China.A denial of service vulnerability exists in Reolink RLC-410W in version v3.0.0.13620121102, which stems from the JSON parsing function of cgiserver.cgi not doing the correct handling of incoming error messages. An attacker could use th...