ATTACKERKB
added 2022/06/06 10:15 p.m., 1 view

CVE-2022-32511

jmespath.rb aka JMESPath for Ruby before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable...

CVSS 9.8, AI score 7.3, EPSS 0.02082
Exploits 0, References 8
OSV
added 2022/06/06 10:15 p.m., 1 view

DEBIAN-CVE-2022-32511

jmespath.rb aka JMESPath for Ruby before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable...

CVSS 9.8, AI score 8.2, EPSS 0.02082
Exploits 0, References 1
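The two jmespath.rb entries above (CVE-2022-32511 and its Debian tracker copy) describe the same defect: JSON.load on caller-supplied data where JSON.parse was the right call. The added example below is not jmespath.rb's own code; it shows why the distinction matters. With the json gem's `create_additions` behaviour (the default for JSON.load in the json versions current at the time of the advisory, and still honoured today when passed explicitly), a `"json_class"` key in the input selects which Ruby class gets instantiated, so the document author chooses the type. `Gadget` and the input document are constructed for the example; `create_additions: true` is passed explicitly so the behaviour is the same on newer json releases that warn about or change that default.

```ruby
require 'json'

# Hypothetical class defined only for this example. Any class with a
# json_create hook is a candidate; the input picks it by name.
class Gadget
  attr_reader :cmd

  def initialize(cmd)
    @cmd = cmd
  end

  # Called by JSON.load (create_additions) when it sees {"json_class":"Gadget",...}
  def self.json_create(h)
    new(h['cmd'])
  end
end

# Constructed attacker-style document: an object that names a class.
UNTRUSTED = '{"json_class":"Gadget","cmd":"id"}'.freeze

# jmespath.rb < 1.6.1 style: JSON.load on data the library does not control.
# create_additions: true is what JSON.load defaulted to at the time; it is set
# explicitly here so the example is stable across json gem versions.
def load_with_additions(src)
  JSON.load(src, nil, create_additions: true)
end

# The 1.6.1 fix: JSON.parse never instantiates classes, "json_class" is just a key.
def parse_plain(src)
  JSON.parse(src)
end

# Equivalent hardening if JSON.load has to stay (it also tolerates nil/blank
# input, which JSON.parse rejects with TypeError/ParserError).
def load_without_additions(src)
  JSON.load(src, nil, create_additions: false)
end

if $PROGRAM_NAME == __FILE__
  p load_with_additions(UNTRUSTED).class    # Gadget
  p parse_plain(UNTRUSTED).class            # Hash
  p load_without_additions(UNTRUSTED).class # Hash
end
```

When auditing a Ruby code base for this pattern, grep for `JSON.load` and `JSON.restore` on anything that originates outside the process; `JSON.parse` (or `JSON.load` with `create_additions: false`) is the safe replacement, but note the nil-handling difference above when swapping one for the other.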
Github Security Blog
added 2022/05/24 5:40 p.m., 18 views

Moodle Cross-site Scripting

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS...

CVSS 5.4, AI score 6.4, EPSS 0.0053
Exploits 0, References 3, Affected software 1
CNNVD
added 2022/05/24 12:00 a.m., 3 views

Identifier withdrawn

Tidwall Gjson is a Go-based code library for interacting with JSON-formatted data. A denial of service vulnerability exists in Tidwall Gjson version 1.9.2 and prior. An attacker could exploit this vulnerability to cause a denial of service of the application via specially crafted JSON input...

AI score 8.4
Exploits 0, References 3
Rapid7 Blog
added 2022/05/04 3:48 p.m., 79 views

XSS in JSON: Old-School Attacks for Modern Applications

I recently wrote a blog post on injection-type vulnerabilities and how they were knocked down a few spots from 1 to 3 on the new OWASP Top 10 for 2022. The main focus of that article was to demonstrate how stack traces could be — and still are — used via injection attacks to gather information...

CVSS 7.5, AI score 9.1, EPSS 0.94428
Exploits 99
ATTACKERKB
added 2022/04/28 10:15 a.m., 0 views

CVE-2022-29814

In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible...

CVSS 7.7, AI score 7.5, EPSS 0.00002
Exploits 0, References 2, Affected software 1
OSV
added 2022/04/14 8:15 p.m., 0 views

CVE-2021-44355

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability...

CVSS 7.5, AI score 7.3, EPSS 0.00304
Exploits 1, References 1
RedHat Linux
added 2022/04/14 5:33 p.m., 80 views

Low: Red Hat Security Advisory: Red Hat Decision Manager 7.12.1 security update

An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 9.8, AI score 7, EPSS 0.94428
Exploits 99, References 4
NVD
added 2022/03/28 1:15 a.m., 12 views

CVE-2021-44210

OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data...

CVSS 6.1, EPSS 0.00211
Exploits 1, References 2
Prion
added 2022/03/28 1:15 a.m., 13 views

Format string

OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data...

CVSS 4.3, AI score 5.9, EPSS 0.00211
Exploits 1, References 2, Affected software 1
CVE
added 2022/03/28 12:59 a.m., 76 views

CVE-2021-44210

OX App Suite (Open-Xchange) up to version 7.10.5 is affected by a Cross-Site Scripting flaw in the frontend triggered via NIFF data. Publicly documented details indicate the vulnerable version is 7.10.5 with a fix in 7.10.5-rev26. Impact involves executing script in the victim’s context through N...

CVSS 6.1, AI score 5.9, EPSS 0.00211
Exploits 1, References 2, Affected software 1
CNNVD
added 2022/03/04 12:00 a.m., 2 views

MingSoft MCMS access control error vulnerability

MingSoft MCMS is a complete open-source J2EE system from MingSoft. MCMS 5.2.5 and earlier versions have a security vulnerability that originates from the editor in net.mingsoft.basic.action.web.EditorAction missing access control for JSON data. The vulnerability can be exploited for remote code execution...

CVSS 9.8, AI score 6.2, EPSS 0.12262
Exploits 1, References 2
Fedora
added 2022/01/31 1:16 a.m., 13 views

[SECURITY] Fedora 35 Update: rust-ron-0.7.0-1.fc35

Rusty Object Notation...

AI score 1.9
Exploits 0
Fedora
added 2022/01/31 1:16 a.m., 7 views

[SECURITY] Fedora 35 Update: rust-ron0.6-0.6.6-1.fc35

Rusty Object Notation...

AI score 1.9
Exploits 0
Fedora
added 2022/01/31 1:13 a.m., 11 views

[SECURITY] Fedora 34 Update: rust-ron0.6-0.6.6-1.fc34

Rusty Object Notation...

AI score 1.9
Exploits 0
Fedora
added 2022/01/31 1:13 a.m., 11 views

[SECURITY] Fedora 34 Update: rust-ron-0.7.0-1.fc34

Rusty Object Notation...

AI score 1.9
Exploits 0
OpenVAS
added 2022/01/31 12:00 a.m., 9 views

Fedora: Security Advisory for rust-ron0.6 (FEDORA-2022-eb16f07001)

The remote host is missing an update for the rust-ron0.6 package (FEDORA-2022-eb16f07001). Script text: SPDX-FileCopyrightText 2022 Greenbone AG, SPDX-License-Identifier GPL-2.0-only; some text descriptions may be excerpted from referenced sources and are copyright of the respective right holders...

AI score 7.5
Exploits 0, References 2
OSV
added 2022/01/28 10:15 p.m., 0 views

CVE-2021-44402

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot when the GetPtzSerial param is not an object. An attacker can send an HTTP request to trigger this vulnerability...

CVSS 7.7, AI score 7.2, EPSS 0.00189
Exploits 1, References 1
OSV
added 2022/01/28 10:15 p.m., 1 view

CVE-2021-44393

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot when the GetIsp param is not an object. An attacker can send an HTTP request to trigger this vulnerability...

CVSS 7.7, AI score 5.8
Exploits 0, References 1
OSV
added 2022/01/28 10:15 p.m., 0 views

CVE-2021-44377

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot when the SetImage param is not an object. An attacker can send an HTTP request to trigger this vulnerability...

CVSS 7.7, AI score 7.3
Exploits 0, References 1