823 matches found

RedHat Linux
added 2023/01/31 1:18 p.m. · 8 views

jettison: memory exhaustion via user-supplied XML or JSON data

A vulnerability was found in Jettison, where parsing untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that exhausts memory and crashes the parser. This effect may support a denial of service attack...

CVSS 7.5 · AI score 6.8 · EPSS 0.01201
Exploits 0 · References 5
Tenable Nessus
added 2023/01/16 12:00 a.m. · 92 views

FreeBSD : security/keycloak -- Multiple possible DoS attacks (9d9e9439-959e-11ed-b464-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9d9e9439-959e-11ed-b464-b42e991fc52e advisory. - Those using XStream to serialize XML data may be vulnerable to Denial of Service attacks DOS...

CVSS 8.2 · AI score 7.2 · EPSS 0.08689
Exploits 2 · References 5
Tenable Nessus
added 2023/01/11 12:00 a.m. · 44 views

Debian DSA-5312-1 : libjettison-java - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5312 advisory. - Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user-supplied input, an...

CVSS 7.5 · AI score 7.1 · EPSS 0.01395
Exploits 2 · References 12
Vulnrichment
added 2022/12/13 12:00 a.m. · 7 views

CVE-2022-45688

A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data...

AI score 7.4 · EPSS 0.01181
Exploits 5 · References 2
CNNVD
added 2022/12/13 12:00 a.m. · 23 views

Hutool buffer error vulnerability

Hutool is a small but complete Java tool library for the Chinese Dromara community. A security vulnerability exists in Hutool version v5.8.10, which originates from a stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component, allowing an attacker to cause a denial of servic...

CVSS 7.5 · AI score 6.9 · EPSS 0.00943
Exploits 1 · References 3
GitLab Advisory Database
added 2022/12/13 12:00 a.m. · 66 views

hutool-json stack overflow vulnerability

A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5.8.10 allows attackers to cause a Denial of Service DoS via crafted JSON or XML data...

CVSS 7.5 · AI score 4.6 · EPSS 0.00943
Exploits 1 · References 5 · Affected Software 1
Veracode
added 2022/12/08 12:10 p.m. · 13 views

Information Disclosure

concrete5/concrete5 is vulnerable to information disclosure. The vulnerability allows an attacker to inject a crafted payload into the URL path folder and access sensitive XML data...

AI score 2.8
Exploits 0 · References 2 · Affected Software 1
Github Security Blog
added 2022/12/06 12:30 a.m. · 22 views

Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks

Withdrawn: This advisory has been withdrawn because it has been found not to be a security issue and withdrawn by its CNA. Please see the message from NVD here for more information. This link is maintained to preserve external references. Original Description: ConcreteCMS v9.1.3 was discovered to b...

AI score 6.6
Exploits 0 · References 3 · Affected Software 1
Prion
added 2022/11/23 1:15 a.m. · 15 views

Cross site request forgery (csrf)

A remote attacker can conduct a cross-site request forgery CSRF attack on OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OPV3.3.1-191028. The vulnerability is due to insufficient CSRF protections for "mgmconfigfile.asp", because of which an attacker can create a crafted "csrf for...

CVSS 6.8 · AI score 8.7 · EPSS 0.00514
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2022/11/23 12:00 a.m. · 6 views

CVE-2020-23585

A remote attacker can conduct a cross-site request forgery CSRF attack on OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OPV3.3.1-191028. The vulnerability is due to insufficient CSRF protections for "mgmconfigfile.asp", because of which an attacker can create a crafted "csrf for...

AI score 7.1 · EPSS 0.00514
Exploits 0 · References 1
Cvelist
added 2022/11/23 12:00 a.m. · 22 views

CVE-2020-23585

A remote attacker can conduct a cross-site request forgery CSRF attack on OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OPV3.3.1-191028. The vulnerability is due to insufficient CSRF protections for "mgmconfigfile.asp", because of which an attacker can create a crafted "csrf for...

AI score 8.7 · EPSS 0.00514
Exploits 0 · References 1
Check Point Advisories
added 2022/11/20 12:00 a.m. · 3 views

Jenkins Config File Provider Plugin External Entity Injection (CVE-2021-21642)

An XXE vulnerability exists in Jenkins Config File Provider Plugin. The vulnerability is due to insufficient validation of XML data when utilizing Config File Provider Plugin...

CVSS 5.5 · AI score 3.2 · EPSS 0.3783
Exploits 0
BDU FSTEC
added 2022/10/03 12:00 a.m. · 5 views

The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores lies in errors in XML request processing, allowing attackers to execute arbitrary code.

The vulnerability of the Magento Open Source and Adobe Commerce software platforms for developing and managing online stores is related to errors in processing XML requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially created XML data...

CVSS 9.1 · AI score 7.9 · EPSS 0.04187
Exploits 0 · References 3 · Affected Software 2
Positive Technologies
added 2022/09/28 12:00 a.m. · 3 views

PT-2022-6981 · D Link · D-Link Dap-1325

Name of the Vulnerable Software and Affected Versions: D-Link DAP-1325 (affected versions not specified). Description: The issue is related to a stack-based buffer overflow in the SetAPLanSettings function of the D-Link DAP-1325 wireless signal amplifier's firmware when handling XML data. This can...

CVSS 8.8 · AI score 8.2 · EPSS 0.00855
Exploits 0 · References 7
Positive Technologies
added 2022/09/28 12:00 a.m. · 3 views

PT-2022-7015 · D Link · D-Link Dap-1325

Name of the Vulnerable Software and Affected Versions: D-Link DAP-1325 (affected versions not specified). Description: The issue is related to a stack-based buffer overflow in the SetHostIPv6StaticSettings function when handling the StaticAddress parameter. This can be exploited by a remote attacker...

CVSS 8.8 · AI score 7.9 · EPSS 0.00855
Exploits 0 · References 7
Veracode
added 2022/09/19 4:15 p.m. · 31 views

Denial Of Service (DoS)

XStream Core is vulnerable to denial of service. The vulnerability exists due to a stack overflow during the serialization of XML data, which allows an attacker to supply malicious input that the parser processes, causing an application crash...

CVSS 7.5 · AI score 5.1 · EPSS 0.19653
Exploits 1 · References 5 · Affected Software 1
OSV
added 2022/09/16 10:15 a.m. · 1 view

DEBIAN-CVE-2022-40150

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by running out of memory. This effect may support a denial of service attack...

CVSS 7.5 · AI score 6.8 · EPSS 0.01201
Exploits 0 · References 1
Cvelist
added 2022/09/16 10:00 a.m. · 33 views

CVE-2022-40152 Stack Buffer Overflow in Woodstox

Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support is enabled. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...

CVSS 6.5 · AI score 7.5 · EPSS 0.19653
Exploits 1 · References 2
Cvelist
added 2022/09/16 10:00 a.m. · 32 views

CVE-2022-40151 Stack Buffer Overflow in XStream

Those using XStream to serialize XML data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...

CVSS 6.5 · AI score 7.5 · EPSS 0.00993
Exploits 1 · References 2
CVE
added 2022/09/16 10:00 a.m. · 230 views

CVE-2022-40151

CVE-2022-40151 affects XStream: a Denial of Service via stack-based overflow when parsing XML data. IBM bulletin for SPSS Collaboration and Deployment Services notes this CVE among multiple Woodstox/XStream issues and provides remediation via IFix download for SPSS versions 8.5 and 8.6 (IM-SCaDS-...

CVSS 7.5 · AI score 6.8 · EPSS 0.00993
Exploits 1 · References 2 · Affected Software 1