Lucene search
K

48 matches found

NVD
NVD
added 2024/09/11 5:15 p.m.29 views

CVE-2024-20381

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...

8.8CVSS0.00576EPSS
Exploits0References1
OSV
OSV
added 2024/09/11 5:15 p.m.8 views

CVE-2024-20381

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...

8.8CVSS5.8AI score0.00576EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/11 4:38 p.m.28 views

CVE-2024-20381 Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...

8.8CVSS6.9AI score0.00576EPSS
Exploits0References1
CVE
CVE
added 2024/09/11 4:38 p.m.129 views

CVE-2024-20381

CVE-2024-20381 involves a JSON-RPC API authorization bypass in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD, used by web interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN routers. The root cause is improper authorization checks on the API, allowing an authenticate...

8.8CVSS8.6AI score0.00576EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/09/11 4:38 p.m.33 views

CVE-2024-20381 Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...

8.8CVSS0.00576EPSS
Exploits0References1
Cisco
Cisco
added 2024/09/11 4:0 p.m.29 views

Multiple Cisco Products Web-Based Management Interface Privilege Escalation Vulnerability

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator NSO and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the...

8.8CVSS8.7AI score0.00576EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2024/01/23 10:15 p.m.27 views

CVE-2023-36177

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...

7.5CVSS8.2AI score0.2732EPSS
Exploits1
OSV
OSV
added 2024/01/23 10:15 p.m.8 views

CVE-2023-36177

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...

9.8CVSS9.7AI score
Exploits0References3
NVD
NVD
added 2024/01/23 10:15 p.m.25 views

CVE-2023-36177

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...

9.8CVSS9.7AI score0.2732EPSS
Exploits1References2
Prion
Prion
added 2024/01/23 10:15 p.m.22 views

Code injection

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...

7.5CVSS8.1AI score0.2732EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/01/23 12:0 a.m.47 views

CVE-2023-36177

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...

9.9AI score0.2732EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/01/23 12:0 a.m.16 views

CVE-2023-36177

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...

7.8AI score0.2732EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/01/23 12:0 a.m.3 views

PT-2024-12548

Name of the Vulnerable Software and Affected Versions snapcast versions prior to 0.23.0+dfsg1-1+deb11u1 snapcast versions prior to 0.26.0+dfsg1-1+deb12u1 snapcast version 0.27.0 Description An RCE vulnerability exists in snapcast, a multi-room client-server audio player. Remote attackers can...

9.8CVSS7.3AI score0.2732EPSS
Exploits1References17
CVE
CVE
added 2024/01/23 12:0 a.m.102 views

CVE-2023-36177

CVE-2023-36177 affects badaix Snapcast 0.27.0, where the Snapcast JSON-RPC API allows remote code execution and data leakage. Multiple connected advisories confirm vendor fixes: Debian bookworm patches Snapcast to 0.26.0+dfsg1-1+deb12u1 (DSA-5847-1); Debian bullseye patches to 0.23.0+dfsg1-1+deb1...

9.8CVSS9.6AI score0.2732EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2024/01/23 12:0 a.m.11 views

CVE-2023-36177

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API...

9.8CVSS9.8AI score0.2732EPSS
Exploits1
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.5 views

Extreme Networks Switch Engine Cross-Site Request Forgery Vulnerability

Extreme Networks Switch Engine EXOS is a switch engine from Extreme Networks, Inc. A security vulnerability exists in Extreme Networks Switch Engine versions prior to 32.5.1.5, which stems from a cross-site request forgery CSRF vulnerability in the Chalet application. An attacker could exploit th...

8.8CVSS7.2AI score0.00276EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2021/10/13 1:4 p.m.34 views

OpenSea ‘Free Gift’ NFTs Drain Cryptowallet Balances

Users of OpenSea, the world’s largest digital-collectible marketplace, have found their cryptocurrency wallets ripped off thanks to cyberattackers weaponizing security bugs that allowed them to highjack user accounts. The attacks revolved around boobytrapped art files, which circulated in the for...

6.8AI score
Exploits0References5
OSV
OSV
added 2021/09/09 1:15 p.m.7 views

CVE-2021-28495

In Arista's MOS Metamako Operating System software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train...

9.8CVSS7.3AI score0.0093EPSS
Exploits0References1
Arista
Arista
added 2021/08/20 12:0 a.m.51 views

Security Advisory 0066

Security Advisory 0066 . CSAF PDF Date: August 20th, 2021 Version: 1.0 Revision | Date | Changes ---|---|--- 1.0 | August 20th, 2021 | Initial Release The CVE-ID tracking this issue: CVE-2021-28495 CVSSv3.1 Base Score: 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L Description This advisory...

9.8CVSS9.6AI score0.0093EPSS
Exploits0
Prion
Prion
added 2021/03/09 6:15 p.m.23 views

Heap overflow

Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API service, then prio...

4CVSS6.7AI score0.01503EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder