211 matches found
CVE-2025-6709 Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication
The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. Thi...
CVE-2025-6709 Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication
The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. Thi...
CVE-2025-6709
CVE-2025-6709 describes a denial-of-service vulnerability in MongoDB Server caused by improper handling of specific date values in JSON input when using OIDC authentication. Affected are MongoDB Server versions prior to 7.0.17 (7.0.x), prior to 8.0.5 (8.0.x), and prior to 6.0.21 (6.0.x). In v7.0/...
Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication
The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. Thi...
PT-2025-26973
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 6.0.21 MongoDB Server versions 7.0.0 through 7.0.16 MongoDB Server versions 8.0.0 through 8.0.4 Description: The MongoDB Server is susceptible to a denial of service issue due to improper handling of specific...
MongoDB -- Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication
NVD reports: The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and serv...
FreeBSD : MongoDB -- Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication (5b87eef6-52aa-11f0-b522-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5b87eef6-52aa-11f0-b522-b42e991fc52e advisory. NVD reports: The MongoDB Server is susceptible to a denial of service vulnerability due to improper...
EulerOS 2.0 SP12 : yajl (EulerOS-SA-2025-1608)
According to the versions of the yajl package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in...
DoS (Denial of Service) Third-Party Dependency in Crowd Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 6.1.0 and 6.2.0 of Crowd Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated...
CVE-2025-0695
An Allocation of Resources Without Limits or Throttling vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input...
CVE-2021-43853
Ajax.NET Professional AjaxPro is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation...
CVE-2020-7965
flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made...
CVE-2011-2532
The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service infinite loop via invalid JSON data, as demonstrated by truncated data...
Atlassian Jira Service Management Data Center and Server 5.12.4 < 5.12.22 / 5.13.x < 10.3.5 / 10.4.x < 10.5.1 DoS (JSDSERVER-16144)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a denial of service vulnerability as referenced in the JSDSERVER-16144 advisory. - A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading...
CVE-2025-0649
Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash...
CVE-2025-0649 Stack Exhaustion In Tensorflow Serving
Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash...
CVE-2025-0649
CVE-2025-0649 affects Google’s TensorFlow Serving up to version 2.18.0, where an incorrect JSON input stringification can lead to potentially unbounded recursion and a server crash. Root cause: improper handling of JSON inputs in the serving component. Impact: high availability risk (server crash...
CVE-2025-0649 Stack Exhaustion In Tensorflow Serving
Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash...
PT-2025-19869 · Unknown · Tensorflow
Name of the Vulnerable Software and Affected Versions: Tensorflow serving versions up to 2.18.0 Description: The issue is related to incorrect JSON input stringification in Tensorflow serving, which allows for potentially unbounded recursion. This can lead to a server crash. Recommendations: For...
Stack-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow through the apply function in org/jsonschema2pojo/rules/SchemaRule.java. An attacker can execute arbitrary code or cause denial of service by manipulating the JSON file input to trigger a stack-based buffer...