21 matches found
MiracleLinux 9 : dotnet6.0-6.0.135-1.el9_4.ML.1 (AXSA:2024-8898:17)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8898:17 advisory. dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484); dotnet: Denial of Service in System.Text.Json (CVE-2024-43485)...
EUVD-2022-0980
Malicious code in bioql PyPI...
EUVD-2023-2472
Malicious code in bioql PyPI...
Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : jq vulnerabilities (USN-7657-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7657-1 advisory. It was discovered that jq incorrectly handled certain values when parsing JSON data. A remote attacker could possibly use this issue ...
CVE-2025-53864
Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2i...
CVE-2022-1642
A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. This vulnerability is caused by the interaction between a deserialization mechanism offered by the Swift standard...
CVE-2019-19869
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed unencrypted by using the IosHttp service and the JSON interface...
CVE-2025-47947
CVE-2025-47947 affects ModSecurity up to v2.9.8, where a DoS can occur when the payload is application/json and a sanitiseMatchedBytes action is present. A patch was developed (pull request 3389) and is expected in v2.9.9; no public workarounds are listed. Related advisories confirm denial-of-ser...
CVE-2023-26819
cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as "a": true, "b": null,9999999999999999999999999999999999999999999999912345678901234567...
CVE-2021-44402
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2024-57699
A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input containing a large number of ’’, a stack exhaustion can be triggered, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for...
CVE-2024-4467 Qemu-kvm: 'qemu-img info' leads to host file read/write
A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...
CVE-2024-33664
python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...
SUSE CVE-2023-43091
A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code...
PT-2023-28696 · Gnome +1 · Gnome Maps +1
Name of the Vulnerable Software and Affected Versions: GNOME Maps (affected versions not specified). Description: A flaw was found in GNOME Maps, making it vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary...
Jettison Out-of-bounds Write vulnerability
A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data...
Cross site request forgery (csrf)
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetFtp param is not object. An attacker can send an HTTP request to trigger this vulnerability...
PT-2019-5668 · Dave Gamble · Cjson
Name of the Vulnerable Software and Affected Versions: DaveGamble/cJSON versions 1.7.8. Description: The issue is related to an improper check for unusual or exceptional conditions, which can lead to a null dereference. This can cause a denial of service when a crafted JSON file is used as an atta...
CVE-2016-4425
Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data...
CVE-2016-4074
The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6rc1-r0...