JSON-RPC - API Security Blog

VMWare Aria Operations for Networks (vRealize Network Insight) pre-authenticated RCE

VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote ...

25 июля, 2023

Denial Of Service (DoS)

github.com/cometbft/cometbft is vulnerable to Denial of Service (DoS) attacks. A deadlock is introduced when serializing the struct `PeerState` to JSON when the new method `MarshallJSON` is used. One ...

20 июля, 2023

CVSS3 - MEDIUM

CVSS2 - MEDIUM

Old Blackmoon Trojan, NEW Monetization Approach

![Old Blackmoon Trojan, NEW Monetization Approach](https://blog.rapid7.com/content/images/2023/07/GettyImages-1187008408--1-.jpg) Rapid7 is tracking a new, more sophisticated and staged campaign using ...

13 июля, 2023

CVE-2023-34450

CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the wa ...

07 июля, 2023

CometBFT PeerState JSON serialization deadlock

### Impact An internal modification to the way struct `PeerState` is serialized to JSON introduced a deadlock when new function MarshallJSON is called. This function can be called from two places: 1. ...

07 июля, 2023

CometBFT PeerState JSON serialization deadlock

### Impact An internal modification to the way struct `PeerState` is serialized to JSON introduced a deadlock when new function MarshallJSON is called. This function can be called from two places: 1. ...

07 июля, 2023

Deadlock in github.com/cometbft/cometbft/consensus

An internal modification to the way PeerState is serialized to JSON introduced a deadlock when the new function MarshalJSON is called. This function can be called in two ways. The first is via logs, b ...

07 июля, 2023

Opsview Monitor 5.x Command Execution

Post ContentRead More ...

01 июля, 2023