101 matches found
CVE-2022-41875 Remote Code Execution in Optica
A remote code execution RCE vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE remote code execution on the attacked system running Optica. The vulnerability was patched in v...
CVE-2022-41875 Remote Code Execution in Optica
A remote code execution RCE vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE remote code execution on the attacked system running Optica. The vulnerability was patched in v...
PT-2022-26108 · Opticam · Optica
Name of the Vulnerable Software and Affected Versions: Optica versions prior to 0.10.2 Description: A remote code execution issue in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. This can lead to remote code execution on the attacked system...
CVE-2022-41875 Remote Code Execution in Optica
A remote code execution RCE vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE remote code execution on the attacked system running Optica. The vulnerability was patched in v...
CVE-2022-39379
A remote code execution RCE vulnerability was found in non-default configurations of Fluentd. This issue allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads...
Arbitrary Code Execution
fluentd is vulnerable to remote code execution. The vulnerability exists in due to ojoptions.rb, where a non-default configuration allows unauthenticated attackers to execute arbitrary codes via specially crafted JSON payloads...
GHSA-FPPQ-MJ76-FPJ2 fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Impact A remote code execution RCE vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environment variable FLUENTOJOPTIONMODE is explicitly set to object...
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Impact A remote code execution RCE vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environment variable FLUENTOJOPTIONMODE is explicitly set to object...
CVE-2022-39379
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution RCE vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads...
Remote code execution
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution RCE vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads...
CVE-2022-39379 Fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution RCE vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads...
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Impact A remote code execution RCE vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environment variable FLUENTOJOPTIONMODE is explicitly set to object...
CVE-2022-39379 Fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution RCE vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads...
Remote code execution
CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. A remote code execution RCE vulnerability in CircuitVerse allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue may lead to Remote Code Executi...
CVE-2022-36038 CircuitVerse potential RCE vulnerability via Oj.load
CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. A remote code execution RCE vulnerability in CircuitVerse allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue may lead to Remote Code Executi...
CVE-2022-36038
CVE-2022-36038 affects CircuitVerse. A remote code execution vulnerability allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. The root cause is linked to Oj.load usage, with a patch available in commit 7b3023a99499a7675f10f2c1d9effdf10c35fb6e. Affected v...
PT-2022-23134 · Unknown · Circuitverse
Name of the Vulnerable Software and Affected Versions: CircuitVerse versions prior to the version with commit number 7b3023a99499a7675f10f2c1d9effdf10c35fb6e Description: CircuitVerse is an open-source platform for constructing digital logic circuits online. A remote code execution issue allows...
Remote code execution
Arvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data. A remote code execution RCE vulnerability in the Arvados Workbench allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This...
Buffer length underflow in LoginPacket causing unchecked exceptions to be thrown
Impact LoginPacket uses BinaryStream-getLInt to read the lengths of JSON payloads it wants to decode. Unfortunately, BinaryStream-getLInt returns a signed integer, meaning that a malicious client can craft a packet with a large uint32 value for payload buffer size which would be interpreted as a...
GHSA-V9MF-JGQ3-C28H Data Amplification in Play Framework
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...