307 matches found
CVE-2024-20381
A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...
CVE-2024-20381
A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...
CVE-2024-20381 Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability
A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...
CVE-2024-20381 Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability
A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...
CVE-2024-20381
CVE-2024-20381 involves a JSON-RPC API authorization bypass in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD, used by web interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN routers. The root cause is improper authorization checks on the API, allowing an authenticate...
Multiple Cisco Products Web-Based Management Interface Privilege Escalation Vulnerability
A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...
Monero: Spamming highly nested JSON RPC requests cause node to disconnect from p2p network
The vulnerability allowed an attacker to remotely lock monerod from syncing with the rest of the p2p network by forging a highly nested JSON payload and spamming it through a restricted RPC interface. The Epee JSON parser was found to allow duplicated fields and set a recursion limit that was too...
CVE-2023-38120
Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication...
CVE-2023-38120 Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability
Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication...
CVE-2023-38120 Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability
Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication...
CVE-2023-38120
The CVE-2023-38120 entry describes a vulnerability in the Adtran SR400ac where the ping command, exposed via JSON-RPC, accepts a crafted host parameter that can cause a system call from a user-supplied string, enabling code execution as root. The flaw is reachable over the network and requires au...
CVE-2023-36177
An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...
CVE-2023-36177
An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...
CVE-2023-36177
An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...
Code injection
An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...
CVE-2023-36177
An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...
CVE-2023-36177
An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...
PT-2024-12548 · Badaix +1 · Snapcast +1
Name of the Vulnerable Software and Affected Versions: snapcast versions prior to 0.23.0+dfsg1-1+deb11u1 snapcast versions prior to 0.26.0+dfsg1-1+deb12u1 snapcast version 0.27.0 Description: An RCE vulnerability exists in snapcast, a multi-room client-server audio player. Remote attackers can...
CVE-2023-36177
CVE-2023-36177 affects badaix Snapcast 0.27.0, where the Snapcast JSON-RPC API allows remote code execution and data leakage. Multiple connected advisories confirm vendor fixes: Debian bookworm patches Snapcast to 0.26.0+dfsg1-1+deb12u1 (DSA-5847-1); Debian bullseye patches to 0.23.0+dfsg1-1+deb1...
CVE-2023-36177
An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...