
20 matches found

Snyk
added 2026/03/17 12:0 a.m. | 3 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection in the MariaDBFilterExpressionConverter, which allows attackers to bypass metadata-based access controls and execute SQL statements with malicious JSONVALUE input. Remediation: Upgrade...

CVSS 8.8 | AI score 6 | EPSS 0.00027
Exploits 1 | References 2
RedhatCVE
added 2026/01/09 10:11 a.m. | 4 views

CVE-2019-11322

An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value...

CVSS 9.8 | AI score 8.4 | EPSS 0.04516
Exploits 1 | References 1
RedHat Linux
added 2024/07/23 1:19 p.m. | 3 views

qemu-kvm: 'qemu-img info' leads to host file read/write

A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...

CVSS 7.8 | AI score 7.1 | EPSS 0.00052
Exploits 0 | References 4
RedHat Linux
added 2024/07/02 8:4 p.m. | 4 views

qemu-kvm: 'qemu-img info' leads to host file read/write

A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...

CVSS 7.8 | AI score 7.1 | EPSS 0.00052
Exploits 0 | References 4
OSV
added 2024/07/02 4:15 p.m. | 17 views

CVE-2024-4467

A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...

CVSS 7.8 | AI score 6.3 | EPSS 0.00052
Exploits 0 | References 13
Positive Technologies
added 2024/02/08 12:0 a.m. | 3 views

PT-2024-20319 · Cellinx · Cellinx Nvt Web Server

Name of the Vulnerable Software and Affected Versions: Cellinx NVT Web Server version 5.0.0.014. Description: An issue in the component /cgi-bin/GetJsonValue.cgi allows attackers to leak configuration information via a crafted POST request to the "GetJsonValue.cgi" endpoint. Recommendations: For...

CVSS 5.3 | AI score 5 | EPSS 0.00115
Exploits 0 | References 6
CNNVD
added 2024/02/08 12:0 a.m. | 3 views

Cellinx NVT Web Server Security Vulnerability

Cellinx NVT Web Server is a web platform for virtual terminal management NVT from Cellinx, Korea. The platform is mainly used for managing video surveillance devices, and is divided into a monitoring page and a setting page to control the terminal. A security vulnerability exists in Cellinx NVT W...

CVSS 5.3 | AI score 6.1 | EPSS 0.00115
Exploits 0 | References 4
OSV
added 2024/02/05 11:15 p.m. | 2 views

PYSEC-2024-261

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...

CVSS 9.4 | AI score 7.1 | EPSS 0.00147
Exploits 1 | References 2
NVD
added 2024/02/05 11:15 p.m. | 20 views

CVE-2024-0964

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...

CVSS 9.4 | AI score 7.6 | EPSS 0.00147
Exploits 1 | References 2
Cvelist
added 2024/02/05 10:53 p.m. | 18 views

CVE-2024-0964 LFI in Gradio

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...

CVSS 7.5 | AI score 9.2 | EPSS 0.00147
Exploits 1 | References 2
OSV
added 2023/11/27 11:17 p.m. | 32 views

GHSA-Q3QX-C6G2-7PW2 aiohttp's ClientSession is vulnerable to CRLF injection via version

Summary: Improper validation makes it possible for an attacker to modify the HTTP request (e.g. to insert a new header, or even create a new HTTP request) if the attacker controls the HTTP version. Details: The vulnerability only occurs if the attacker can control the HTTP version of the request...

CVSS 7.2 | AI score 6.2 | EPSS 0.0047
Exploits 1 | References 10
OSV
added 2023/02/03 6:15 p.m. | 0 views

UBUNTU-CVE-2023-23088

Buffer overflow vulnerability in Barenboim json-parser master and v1.1.0, fixed in v1.1.1, allows an attacker to execute arbitrary code via the jsonvalueparse function...

CVSS 9.8 | AI score 7.6 | EPSS 0.00382
Exploits 1 | References 2
CNNVD
added 2023/02/03 12:0 a.m. | 1 views

json-parser Buffer Error Vulnerability

json-parser is a standard JSON parser in C by the individual developer xiehan. A security vulnerability exists in Barenboim json-parser version v1.1.0, which can be exploited by an attacker to execute arbitrary code via the jsonvalueparse function...

CVSS 9.8 | AI score 9 | EPSS 0.00382
Exploits 1 | References 2
OSV
added 2021/05/27 12:0 a.m. | 11 views

OSV-2021-801 UNKNOWN READ in std::__1::__tree<std::__1::__value_type<Json::Value::CZString, Json::Value>, std

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34665 Crash type: UNKNOWN READ Crash state: std::1::tree, std std::1::mapJson::Value::CZString, Json::Value, std::1::lessJson::Value::CZ Json::Value::begin...

AI score 7.2
Exploits 0 | References 1
OSV
added 2021/05/20 12:0 a.m. | 16 views

OSV-2021-776 UNKNOWN READ in std::__1::__tree<std::__1::__value_type<Json::Value::CZString, Json::Value>, std

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34443 Crash type: UNKNOWN READ Crash state: std::1::tree, std std::1::mapJson::Value::CZString, Json::Value, std::1::lessJson::Value::CZ Json::Value::begin...

AI score 7.2
Exploits 0 | References 1
NVD
added 2020/10/06 4:15 p.m. | 7 views

CVE-2020-26582

D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping aka resconfigaction=3&resconfigid=18...

CVSS 9 | EPSS 0.02202
Exploits 1 | References 2
Prion
added 2020/10/06 4:15 p.m. | 8 views

Authentication flaw

D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping aka resconfigaction=3&resconfigid=18...

CVSS 9 | AI score 8.7 | EPSS 0.02202
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2020/10/06 3:27 p.m. | 11 views

CVE-2020-26582

D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping aka resconfigaction=3&resconfigid=18...

AI score 8.9 | EPSS 0.02202
Exploits 1 | References 2
NVD
added 2019/04/18 5:29 p.m. | 11 views

CVE-2019-11319

An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value...

CVSS 9.8 | AI score 10 | EPSS 0.04516
Exploits 1 | References 1
Prion
added 2019/04/18 5:29 p.m. | 7 views

Command injection

An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value...

CVSS 7.5 | AI score 9.9 | EPSS 0.04516
Exploits 1 | References 1 | Affected Software 2