4666 matches found
CVE-2017-12119
An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability...
CVE-2017-14460
An exploitable overly permissive cross-domain CORS whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability...
CVE-2017-14457
An exploitable information leak/denial of service vulnerability exists in the libevm Ethereum Virtual Machine create2 opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can...
CVE-2017-12118
An exploitable improper authorization vulnerability exists in minerstop API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. An attacker can send JSON to trigger this vulnerability...
CVE-2017-12113
An exploitable improper authorization vulnerability exists in adminnodeInfo API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger th...
CVE-2017-12116
An exploitable improper authorization vulnerability exists in minersetGasPrice API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger...
Authorization
An exploitable improper authorization vulnerability exists in adminpeers API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this...
CVE-2017-12112
An exploitable improper authorization vulnerability exists in adminaddPeer API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger thi...
CVE-2017-12112
An exploitable improper authorization vulnerability exists in adminaddPeer API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger thi...
CVE-2017-12114
An exploitable improper authorization vulnerability exists in adminpeers API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this...
CVE-2017-12115
An exploitable improper authorization vulnerability exists in minersetEtherbase API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass...
CVE-2017-12117
An exploitable improper authorization vulnerability exists in minerstart API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this...
CVE-2017-12117
CVE-2017-12117 affects cpp-ethereum’s JSON-RPC miner_start API. The root cause is improper authorization checks in the miner_start implementation, allowing a remote attacker to trigger restricted functionality without credentials. Affected component is the JSON-RPC server inside cpp-ethereum (com...
CVE-2017-12097
An exploitable cross site scripting XSS vulnerability exists in the filter functionality of the delayedjobweb rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an...
CVE-2018-2686
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBo...
CVE-2018-2687
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBo...
CVE-2018-2688
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBo...
CVE-2018-2690
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBo...
CVE-2018-2694
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
CVE-2018-2693
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Guest Additions. Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM...