101 matches found

Vulnrichment
added 2022/11/23 12:0 a.m. · 10 views

CVE-2022-41875 Remote Code Execution in Optica

A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Optica. The vulnerability was patched in v...

CVSS 10 · AI score 9.9 · EPSS 0.01601
Exploits 0 · References 3
Cvelist
added 2022/11/23 12:0 a.m. · 26 views

CVE-2022-41875 Remote Code Execution in Optica

A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Optica. The vulnerability was patched in v...

CVSS 10 · AI score 10 · EPSS 0.01601
Exploits 0 · References 3
Positive Technologies
added 2022/11/23 12:0 a.m. · 4 views

PT-2022-26108 · Opticam · Optica

Name of the Vulnerable Software and Affected Versions: Optica versions prior to 0.10.2
Description: A remote code execution issue in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. This can lead to remote code execution on the attacked system...

CVSS 10 · AI score 9.9 · EPSS 0.01601
Exploits 0 · References 5
OSV
added 2022/11/23 12:0 a.m. · 24 views

CVE-2022-41875 Remote Code Execution in Optica

A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Optica. The vulnerability was patched in v...

CVSS 10 · AI score 9.7 · EPSS 0.01601
Exploits 0 · References 5
RedhatCVE
added 2022/11/14 5:26 a.m. · 29 views

CVE-2022-39379

A remote code execution (RCE) vulnerability was found in non-default configurations of Fluentd. This issue allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads...

CVSS 8.1 · AI score 8 · EPSS 0.44708
Exploits 0 · References 4
Veracode
added 2022/11/03 5:17 a.m. · 53 views

Arbitrary Code Execution

fluentd is vulnerable to remote code execution. The vulnerability exists in oj_options.rb, where a non-default configuration allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads...

CVSS 9.8 · AI score 9.6 · EPSS 0.44708
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/11/02 6:15 p.m. · 28 views

GHSA-FPPQ-MJ76-FPJ2 fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)

Impact: A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environment variable FLUENT_OJ_OPTION_MODE is explicitly set to object...

CVSS 3.1 · AI score 7.6 · EPSS 0.44708
Exploits 0 · References 6
Github Security Blog
added 2022/11/02 6:15 p.m. · 22 views

fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)

Impact: A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environment variable FLUENT_OJ_OPTION_MODE is explicitly set to object...

CVSS 9.8 · AI score 9.8 · EPSS 0.44708
Exploits 0 · References 6 · Affected Software 1
NVD
added 2022/11/02 1:15 p.m. · 9 views

CVE-2022-39379

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads...

CVSS 9.8 · EPSS 0.44708
Exploits 0 · References 3
Prion
added 2022/11/02 1:15 p.m. · 17 views

Remote code execution

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads...

CVSS 7.5 · AI score 9.8 · EPSS 0.44708
Exploits 0 · References 3 · Affected Software 2
Cvelist
added 2022/11/02 12:0 a.m. · 29 views

CVE-2022-39379 Fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads...

CVSS 3.1 · AI score 10 · EPSS 0.44708
Exploits 0 · References 3
RubySec
added 2022/11/02 12:0 a.m. · 24 views

fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)

Impact: A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environment variable FLUENT_OJ_OPTION_MODE is explicitly set to object...

CVSS 9.8 · AI score 5.6 · EPSS 0.44708
Exploits 0 · References 1 · Affected Software 1
OSV
added 2022/11/02 12:0 a.m. · 14 views

CVE-2022-39379 Fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads...

CVSS 3.1 · AI score 9.3 · EPSS 0.44708
Exploits 0 · References 5
Prion
added 2022/09/06 7:15 p.m. · 11 views

Remote code execution

CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. A remote code execution (RCE) vulnerability in CircuitVerse allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue may lead to Remote Code Executi...

CVSS 4.4 · AI score 8.1 · EPSS 0.00872
Exploits 0 · References 2
Vulnrichment
added 2022/09/06 7:0 p.m. · 4 views

CVE-2022-36038 CircuitVerse potential RCE vulnerability via Oj.load

CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. A remote code execution (RCE) vulnerability in CircuitVerse allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue may lead to Remote Code Executi...

CVSS 8.8 · AI score 9.2 · EPSS 0.00872
Exploits 0 · References 2
CVE
added 2022/09/06 7:0 p.m. · 49 views

CVE-2022-36038

CVE-2022-36038 affects CircuitVerse. A remote code execution vulnerability allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. The root cause is linked to Oj.load usage, with a patch available in commit 7b3023a99499a7675f10f2c1d9effdf10c35fb6e. Affected v...

CVSS 8.8 · AI score 8.5 · EPSS 0.00872
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2022/09/06 12:0 a.m. · 4 views

PT-2022-23134 · Unknown · Circuitverse

Name of the Vulnerable Software and Affected Versions: CircuitVerse versions prior to the version with commit number 7b3023a99499a7675f10f2c1d9effdf10c35fb6e
Description: CircuitVerse is an open-source platform for constructing digital logic circuits online. A remote code execution issue allows...

CVSS 8.8 · AI score 8.1 · EPSS 0.00872
Exploits 0 · References 5
Prion
added 2022/08/15 11:21 a.m. · 13 views

Remote code execution

Arvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data. A remote code execution (RCE) vulnerability in the Arvados Workbench allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This...

CVSS 6.5 · AI score 8.8 · EPSS 0.01265
Exploits 0 · References 3 · Affected Software 1
Github Security Blog
added 2022/04/05 5:53 p.m. · 19 views

Buffer length underflow in LoginPacket causing unchecked exceptions to be thrown

Impact: LoginPacket uses BinaryStream-getLInt to read the lengths of JSON payloads it wants to decode. Unfortunately, BinaryStream-getLInt returns a signed integer, meaning that a malicious client can craft a packet with a large uint32 value for payload buffer size which would be interpreted as a...

AI score 2.2
Exploits 0 · References 3 · Affected Software 1
OSV
added 2022/02/09 10:54 p.m. · 21 views

GHSA-V9MF-JGQ3-C28H Data Amplification in Play Framework

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...

CVSS 2.7 · AI score 3.4 · EPSS 0.00957
Exploits 0 · References 3