Vulmon
json vulnerabilities and exploits
7.5
CVSSv3
CVE-2016-4425
Jansson 2.7 and previous versions allow context-dependent malicious users to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.
Jansson Project Jansson
7.5
CVSSv3
CVE-2019-10691
The JSON encoder in Dovecot prior to 2.3.5.2 allows malicious users to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.
Dovecot Dovecot
Opensuse Leap 15.0
7.5
CVSSv3
CVE-2016-4074
The jv_dump_term function in jq 1.5 allows remote malicious users to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.
Jq Project Jq
NA
CVE-2013-0256
darkfish.js in RDoc 2.3.0 up to and including 3.12 and 4.x prior to 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a crafted URL.
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 2.0
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9
Ruby-lang Rdoc
Ruby-lang Rdoc 4.0.0
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
7.3
CVSSv3
CVE-2022-20707
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow a malicious user to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch ...
Cisco Rv340 Firmware
Cisco Rv340w Firmware
Cisco Rv345 Firmware
Cisco Rv345p Firmware
1 Metasploit module
NA
CVE-2013-4154
The qemuAgentCommand function in libvirt prior to 1.1.1, when a guest agent is not configured, allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated by the "...
Redhat Libvirt 1.0.5
Redhat Libvirt 1.0.4
Redhat Libvirt 1.0.1
Redhat Libvirt
Redhat Libvirt 1.0.6
Redhat Libvirt 1.0.2
Redhat Libvirt 1.0.3
Redhat Libvirt 1.0.0
NA
CVE-2013-4153
Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 up to and including 1.1.0 allows remote malicious users to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest...
Redhat Libvirt 1.0.6
Redhat Libvirt 1.1.0
6.5
CVSSv3
CVE-2019-1002100
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application...
Kubernetes Kubernetes
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 3.10
5 Github repositories
7.5
CVSSv3
CVE-2021-30468
A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows a malicious user to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions before 3.4.4; Apach...
Apache Cxf
Apache Tomee 8.0.6
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Intelligence 5.5.0.0.0
Oracle Communications Messaging Server 8.1
Oracle Business Intelligence 5.9.0.0.0
Oracle Communications Element Manager 8.2.2
NA
CVE-2013-0156
active_support/core_ext/hash/conversions.rb in Ruby on Rails prior to 2.3.15, 3.0.x prior to 3.0.19, 3.1.x prior to 3.1.10, and 3.2.x prior to 3.2.11 does not properly restrict casts of string values, which allows remote malicious users to conduct object-injection attacks and exe...
Rubyonrails Ruby On Rails
Rubyonrails Rails
Debian Debian Linux 7.0
Debian Debian Linux 6.0
2 EDB exploits
2 Metasploit modules
2 Nmap scripts
11 Github repositories
3 Articles