[SECURITY] Fedora 24 Update: capnproto-0.5.3.1-1.fc24
Cap'n Proto is an insanely fast data interchange format and capability-based RPC system. Think JSON, except binary. Or think Protocol Buffers, except faster. In fact, in ben ...
June 30, 2023
CPP-Ethereum JSON-RPC admin_peers improper authorization Vulnerability
### Summary
An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an ...
June 30, 2023
CPP-Ethereum JSON-RPC miner_setEtherbase improper authorization Vulnerability
### Summary
An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can c ...
June 30, 2023
Nimbus JOSE+JWT vulnerable to padding oracle attack
Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.
June 30, 2023
nv-websocket-client allows attackers to spoof SSL/TLS servers via an arbitrary valid certificate
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which a ...
June 30, 2023
Critical: java-1.7.0-openjdk
**Issue Overview:**
It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbit ...
June 30, 2023
CVE-2017-16665
RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflected Cross Site Scripting (XSS) attack via the service parameter to the /soap URI, triggering an invalid attempt to generate WSDL.R ...
June 30, 2023
(RHSA-2023:3662) Important: c-ares security update
The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API.
Security Fix(es):
* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)
For more ...
June 30, 2023
CVE-2017-6599
A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to ...
June 30, 2023
CVE-2018-16886
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to
an improper authentication issue when role-based access control (RBAC) is
used and client-cert-auth is enabled. If an etcd c ...
June 30, 2023