
511 matches found

Cvelist
added 2020/01/22 1:40 p.m. · 13 views

CVE-2019-10781

In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector...

AI score 9.5 · EPSS 0.0015
Exploits 0 · References 2

OSV
added 2020/01/03 5:15 p.m. · 2 views

DEBIAN-CVE-2019-5064

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a...

CVSS 8.8 · AI score 8.5 · EPSS 0.02639
Exploits 1 · References 1

RedHat Linux
added 2019/10/29 4:22 p.m. · 3 views

kube-apiserver: DoS with crafted patch of type json-patch

A denial of service vulnerability was found in the Kubernetes API server. A remote user, with authorization to apply patches, could exploit this via crafted JSON input, causing excessive consumption of resources and subsequent denial of service...

CVSS 6.5 · AI score 6.8 · EPSS 0.02677
Exploits 0 · References 5

Positive Technologies
added 2019/07/21 12:0 a.m. · 2 views

PT-2019-13535 · Foxit · Foxit Phantompdf

Name of the Vulnerable Software and Affected Versions: Foxit PhantomPDF versions prior to 8.3.11 Description: The issue arises from the lack of proper validation of the existence of an object prior to performing operations on that object when executing JavaScript, which could cause the applicatio...

CVSS 7.5 · AI score 7.4 · EPSS 0.00021
Exploits 0 · References 3

CNVD
added 2019/07/11 12:0 a.m. · 2 views

Fastjson Remote Code Execution Vulnerability (CNVD-2019-22238)

Fastjson is an open source JSON parsing library. It can parse JSON strings, serialize Java Beans to JSON strings, and deserialize JSON strings to JavaBeans. Fastjson has a remote code execution vulnerability that can be exploited by an attacker via a carefully...

AI score 8.2
Exploits 0 · References 1

OSV
added 2019/05/15 5:29 p.m. · 0 views

UBUNTU-CVE-2013-7285

Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON...

CVSS 9.8 · AI score 7.2 · EPSS 0.18767
Exploits 5 · References 6

Veracode
added 2019/05/02 5:5 a.m. · 23 views

Denial Of Service (DoS)

Firefox/Thunderbird is vulnerable to denial of service. A remote attacker is able to crash the application using a malicious JavaScript object through the XMLHttpRequest.prototype.send function...

CVSS 4.3 · AI score 6.5 · EPSS 0.01019
Exploits 0 · References 13 · Affected Software 2

OSV
added 2019/04/18 9:0 a.m. · 1 views

UBUNTU-CVE-2019-10691

The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username...

CVSS 7.5 · AI score 7.2 · EPSS 0.01284
Exploits 0 · References 4

CNVD
added 2018/11/20 12:0 a.m. · 2 views

IBM API Connect Denial of Service Vulnerability (CNVD-2018-26026)

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing and securing APIs, microservices and more. A security vulnerability exists in IBM API Connect versions 2018.1 through 2018.3.7 that stems from th...

CVSS 7.5 · AI score 7.5 · EPSS 0.00316
Exploits 0 · References 1

CVE
added 2018/11/14 3:0 p.m. · 1091 views

CVE-2018-6065

CVE-2018-6065 is an integer overflow in Google Chrome/Chromium’s V8 engine that could allow remote heap corruption via a crafted HTML page. Documents confirm the affected component as the V8 JavaScript engine and indicate potential remote code execution/heap corruption in versions prior to 65.0.3...

CVSS 8.8 · AI score 8.5 · EPSS 0.89553
In wild · Exploits 2 · References 8 · Affected Software 1

RedHat Linux
added 2018/11/11 4:39 p.m. · 3 views

atomic-openshift: oc patch with json causes masterapi service crash

An out-of-bounds write can occur when patching an OpenShift object using the 'oc patch' functionality in OpenShift Container Platform 3.x. An attacker can use this flaw to cause a denial of service attack on the OpenShift master API service which provides cluster management...

CVSS 7.7 · AI score 7.2 · EPSS 0.0051
Exploits 0 · References 4

CNVD
added 2018/10/17 12:0 a.m. · 2 views

Foxit Reader and Foxit PhantomPDF for Windows Out-of-Bounds Read Vulnerability

Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Software Corporation. Foxit PhantomPDF for Windows is its commercial version. An out-of-bounds read vulnerability exists in the handling of JSON objects in Foxit Reader 9.2.0.9297 and earlier and Foxit...

CVSS 8.8 · AI score 8.7 · EPSS 0.00594
Exploits 0 · References 1

CNVD
added 2018/09/14 12:0 a.m. · 2 views

TP-Link TL-WR886N Denial of Service Vulnerability (CNVD-2019-07049)

The TP-Link TL-WR886N is a wireless router product from China P&L TP-LINK. A security vulnerability exists in TP-Link TL-WR886N version 6.0 2.3.4 and 7.0 1.1.0. An attacker can exploit the vulnerability by sending a request with long JSON data to cause the router service to crash...

CVSS 6.5 · AI score 6.5 · EPSS 0.0052
Exploits 1 · References 1

OSV
added 2018/09/13 6:29 p.m. · 1 views

CVE-2018-17005

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services e.g., inetd, HTTP, DNS, and UPnP via long JSON data for firewall dmz enable...

CVSS 6.5 · AI score 5.8
Exploits 0 · References 1

Positive Technologies
added 2018/09/10 12:0 a.m. · 3 views

PT-2018-16268 · Samsung · Samsung Smartthings Hub

Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17 Description: A buffer overflow issue exists in the credentials handler of the video-core's HTTP server. The video-core process incorrectly handles fields from a user-controlled JSON...

CVSS 9.9 · AI score 9.7 · EPSS 0.00381
Exploits 2 · References 2

OSV
added 2018/08/27 3:29 p.m. · 2 views

CVE-2018-3893

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflo...

CVSS 8.8 · AI score 6.1 · EPSS 0.00381
Exploits 2 · References 1

OSV
added 2018/08/23 3:29 p.m. · 1 views

CVE-2018-3903

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The memcpy call...

CVSS 9.9 · AI score 6.1 · EPSS 0.00381
Exploits 2 · References 1

Positive Technologies
added 2018/08/23 12:0 a.m. · 8 views

PT-2018-16295 · Samsung · Samsung Smartthings Hub

Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: The video-core process in the Samsung SmartThings Hub STH-ETH-250 device incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the...

CVSS 9.9 · AI score 9.6 · EPSS 0.00381
Exploits 2 · References 4

CNVD
added 2018/07/31 12:0 a.m. · 2 views

Samsung SmartThings Hub video-core HTTP server buffer overflow vulnerability (CNVD-2018-14292)

Samsung SmartThings Hub is a smart home management device from Samsung, South Korea. video-core HTTP server is one of the HTTP servers. samsungWifiScan handler is one of the WiFi network discovery handlers. A buffer overflow vulnerability exists in the samsungWifiScan handler of the video-core HT...

CVSS 9.9 · AI score 9.5 · EPSS 0.00381
Exploits 2 · References 1

RedHat Linux
added 2018/06/12 10:48 a.m. · 1 views

infinispan: deserialization of data in XML and JSON transcoders

Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possibl...

CVSS 8.8 · AI score 6.2 · EPSS 0.0053
Exploits 0 · References 4