CVE-2017-12118

An exploitable improper authorization vulnerability exists in minerstop API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. An attacker can send JSON to trigger this vulnerability...

Design/Logic Flaw

An exploitable overly permissive cross-domain CORS whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability...

CVE-2017-12116

The CVE-2017-12116 entry concerns cpp-ethereum’s JSON-RPC API miner_setGasPrice. The vulnerability stems from improper authorization checks in the miner_setGasPrice API, allowing a remote attacker to access restricted functionality without credentials. Publicly reported impact indicates possible ...

CVE-2017-12118

CVE-2017-12118 refers to a vulnerability in cpp-ethereum’s JSON‑RPC miner_stop API where improper authorization could allow a remote attacker to trigger functionality reserved for admins. The weakness stems from missing privilege checks in miner_stop (no RPC_ADMIN guard), with attacker-controlled...

CVE-2017-12113

The CVE-2017-12113 issue affects cpp-ethereum’s JSON-RPC admin_nodeInfo API. A missing authorization check (improper authorization) allows a remote attacker to trigger restricted functionality without credentials. Descriptions from Talos and related advisories confirm the vulnerability in Ethereu...

CVE-2017-14460

An exploitable overly permissive cross-domain CORS whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability...

CVE-2017-12119

CVE-2017-12119 is a denial-of-service vulnerability in CPP-Ethereum JSON-RPC. A malformed JSON request can trigger an unhandled exception in the JSON-RPC server (via JSON-Cpp value handling and isInt checks), crashing the client. Public documentation lists multiple vulnerable JSON-RPC APIs (e.g.,...

CVE-2017-14460

The CVE-2017-14460 issue affects Parity Ethereum client’s JSON-RPC interface, where the default overly permissive cross-domain (CORS) whitelist (often *) can allow a malicious website to fetch or modify data through the JSON-RPC API if certain endpoints are enabled. TALOS details show an example ...

CVE-2017-12118

An exploitable improper authorization vulnerability exists in minerstop API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. An attacker can send JSON to trigger this vulnerability...

CVE-2017-12116

An exploitable improper authorization vulnerability exists in minersetGasPrice API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger...

CVE-2017-12113

An exploitable improper authorization vulnerability exists in adminnodeInfo API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger th...

CVE-2017-12112

An exploitable improper authorization vulnerability exists in adminaddPeer API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger thi...

CVE-2017-12115

An exploitable improper authorization vulnerability exists in minersetEtherbase API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass...

Authorization

An exploitable improper authorization vulnerability exists in minerstart API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this...

Authorization

An exploitable improper authorization vulnerability exists in minersetEtherbase API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass...

Authorization

An exploitable improper authorization vulnerability exists in adminpeers API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this...

CVE-2017-12114

An exploitable improper authorization vulnerability exists in adminpeers API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this...

CVE-2017-12117

An exploitable improper authorization vulnerability exists in minerstart API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this...

CVE-2017-12115

CVE-2017-12115 affects cpp-ethereum’s JSON-RPC endpoint miner_setEtherbase. The root cause is improper authorization: the function does not perform a user privilege check, allowing the execution of restricted functionality via a JSON request. The vulnerability is demonstrated by the existence of ...

CVE-2017-12112

An exploitable improper authorization vulnerability exists in adminaddPeer API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger thi...