307 matches found

OSV
added 2024/09/11 5:15 p.m. · 8 views

CVE-2024-20381

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...

8.8 CVSS · 5.8 AI score · 0.00576 EPSS
Exploits: 0 · References: 1
NVD
added 2024/09/11 5:15 p.m. · 28 views

CVE-2024-20381

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...

8.8 CVSS · 0.00576 EPSS
Exploits: 0 · References: 1
Cvelist
added 2024/09/11 4:38 p.m. · 24 views

CVE-2024-20381 Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...

8.8 CVSS · 0.00576 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2024/09/11 4:38 p.m. · 25 views

CVE-2024-20381 Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...

8.8 CVSS · 6.9 AI score · 0.00576 EPSS
Exploits: 0 · References: 1
CVE
added 2024/09/11 4:38 p.m. · 127 views

CVE-2024-20381

CVE-2024-20381 involves a JSON-RPC API authorization bypass in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD, used by web interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN routers. The root cause is improper authorization checks on the API, allowing an authenticate...

8.8 CVSS · 8.6 AI score · 0.00576 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cisco
added 2024/09/11 4:00 p.m. · 27 views

Multiple Cisco Products Web-Based Management Interface Privilege Escalation Vulnerability

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...

8.8 CVSS · 8.7 AI score · 0.00576 EPSS
Exploits: 0 · References: 1
HackerOne
added 2024/08/22 3:54 p.m. · 9 views

Monero: Spamming highly nested JSON RPC requests cause node to disconnect from p2p network

The vulnerability allowed an attacker to remotely lock monerod from syncing with the rest of the p2p network by forging a highly nested JSON payload and spamming it through a restricted RPC interface. The Epee JSON parser was found to allow duplicated fields and set a recursion limit that was too...

6.9 AI score
Exploits: 0
NVD
added 2024/05/03 2:15 a.m. · 22 views

CVE-2023-38120

Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication...

8.8 CVSS · 9.3 AI score · 0.03168 EPSS
Exploits: 0 · References: 1
Cvelist
added 2024/05/03 1:59 a.m. · 28 views

CVE-2023-38120 Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability

Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication...

8.8 CVSS · 9.5 AI score · 0.03168 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2024/05/03 1:59 a.m. · 24 views

CVE-2023-38120 Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability

Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication...

8.8 CVSS · 9 AI score · 0.03168 EPSS
Exploits: 0 · References: 1
CVE
added 2024/05/03 1:59 a.m. · 85 views

CVE-2023-38120

The CVE-2023-38120 entry describes a vulnerability in the Adtran SR400ac where the ping command, exposed via JSON-RPC, accepts a crafted host parameter that can cause a system call from a user-supplied string, enabling code execution as root. The flaw is reachable over the network and requires au...

8.8 CVSS · 9.3 AI score · 0.03168 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
AlpineLinux
added 2024/01/23 10:15 p.m. · 26 views

CVE-2023-36177

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...

7.5 CVSS · 8.2 AI score · 0.28859 EPSS
Exploits: 1
NVD
added 2024/01/23 10:15 p.m. · 23 views

CVE-2023-36177

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...

9.8 CVSS · 9.7 AI score · 0.28859 EPSS
Exploits: 1 · References: 3
OSV
added 2024/01/23 10:15 p.m. · 8 views

CVE-2023-36177

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...

9.8 CVSS · 9.7 AI score
Exploits: 0 · References: 3
Prion
added 2024/01/23 10:15 p.m. · 19 views

Code injection

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...

7.5 CVSS · 8.1 AI score · 0.28859 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Debian CVE
added 2024/01/23 12:00 a.m. · 11 views

CVE-2023-36177

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...

9.8 CVSS · 9.8 AI score · 0.28859 EPSS
Exploits: 1
Vulnrichment
added 2024/01/23 12:00 a.m. · 16 views

CVE-2023-36177

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...

7.8 AI score · 0.28859 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2024/01/23 12:00 a.m. · 3 views

PT-2024-12548 · Badaix +1 · Snapcast +1

Name of the Vulnerable Software and Affected Versions: snapcast versions prior to 0.23.0+dfsg1-1+deb11u1 snapcast versions prior to 0.26.0+dfsg1-1+deb12u1 snapcast version 0.27.0 Description: An RCE vulnerability exists in snapcast, a multi-room client-server audio player. Remote attackers can...

9.8 CVSS · 9.6 AI score · 0.28859 EPSS
Exploits: 1 · References: 19
CVE
added 2024/01/23 12:00 a.m. · 98 views

CVE-2023-36177

CVE-2023-36177 affects badaix Snapcast 0.27.0, where the Snapcast JSON-RPC API allows remote code execution and data leakage. Multiple connected advisories confirm vendor fixes: Debian bookworm patches Snapcast to 0.26.0+dfsg1-1+deb12u1 (DSA-5847-1); Debian bullseye patches to 0.23.0+dfsg1-1+deb1...

9.8 CVSS · 9.6 AI score · 0.28859 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2024/01/23 12:00 a.m. · 36 views

CVE-2023-36177

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...

9.9 AI score · 0.28859 EPSS
Exploits: 1 · References: 2