dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport

Summary dynoxide's MCP HTTP transport was vulnerable to DNS rebinding via its transitive rmcp dependency, plus a related cross-origin CSRF gap. A malicious web page could make the user's browser send requests to a local dynoxide mcp --http or dynoxide serve --mcp server with a non-loopback Host...

CVE-2026-42559

RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport crates/rmcp/src/transport/streamablehttpserver/ did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to...

RUSTSEC-2026-0140 DNS rebinding and cross-origin CSRF in dynoxide's MCP HTTP transport

dynoxide's MCP HTTP transport was vulnerable to DNS rebinding via its transitive rmcp dependency, plus a related cross-origin CSRF gap. A malicious web page could make the user's browser send requests to a local dynoxide mcp --http or dynoxide serve --mcp server with a non-loopback Host header,...

DNS rebinding and cross-origin CSRF in dynoxide's MCP HTTP transport

dynoxide's MCP HTTP transport was vulnerable to DNS rebinding via its transitive rmcp dependency, plus a related cross-origin CSRF gap. A malicious web page could make the user's browser send requests to a local dynoxide mcp --http or dynoxide serve --mcp server with a non-loopback Host header,...

icarus (>=0.2.0 <=0.5.8), icarus-core (>=0.1.0 <=0.5.8) +9 more potentially affected by CVE-2026-42559 via rmcp (>=0.1.1 <=0.6.4)

rmcp CARGO version =0.1.1, =0.2.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.2.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.1 Source cves: CVE-2026-42559 Source advisory: OSV:GHSA-89VP-X53W-74FX...

rmcp Streamable HTTP server transport has a DNS rebinding vulnerability

Summary Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport crates/rmcp/src/transport/streamablehttpserver/ did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to send authenticated requests to an MCP server running...

EUVD-2014-9500

Malware in sbrugna...

CGA-3C2M-RMCP-W782

Bulletin has no description...

JVN#38752718: Multiple NEC Products vulnerable to authentication bypass

In Intelligent Platform Management Interface IPMI v1.5, Remote Management Control Protocol RMCP to access BMC through LAN is prescribed. Multiple NEC products which conduct RMCP access using IPMI over LAN contain an issue in implementations of the BMC firmware and when accessing BMC through RMCP...

[SECURITY] Fedora 31 Update: ipmitool-1.8.18-19.fc31

This package contains a utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. This utility can communicate with IPMI-enabled devices through either a kernel...

[SECURITY] Fedora 30 Update: ipmitool-1.8.18-19.fc30

This package contains a utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. This utility can communicate with IPMI-enabled devices through either a kernel...

CVE-2014-9692

Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117...

CVE-2014-9692

CVE-2014-9692 affects Huawei Tecal servers (multiple models listed in the Intel/ROM update lines) with a vulnerability in RMCP+ session ID handling. The RMCP+ session IDs can be inferred, enabling an attacker to impersonate legitimate users and gain access with forged identities. Public reference...

CVE-2014-9692

Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285 V2 V100R002C00SPC115 and earlier versions, Tecal RH2265 V2 V100R002C00, Tecal RH2285H V2 V100R002C00SPC111 and earlier versions, Tecal RH2268 V2 V100R002C00, Tecal RH2288 V2 V100R002C00SPC117...

Dell iDRAC IPMI 1.5 Insufficient Session ID Randomness

""" For testing purposes only. c Yong Chuan, Koh 2014 """ from time import sleep from socket import from struct import from random import import sys, os, argparse HOST = None PORT = 623 bufsize = 1024 recv = "" create socket UDPsock = socketAFINET,SOCKDGRAM UDPsock.settimeout2 data = 21 offset of...

Security Advisory-Multiple Vulnerabilities on Huawei Tecal

Some Huawei server products have multiple security vulnerabilities. 1.Some Huawei server products have the sensitive information leak vulnerability. Users who log in to the products can view the sessions IDs of all online users on the Online Users page of the web UI. Attackers can also view the...

CVE-2013-4786

CVE-2013-4786 is an IPMI 2.0 vulnerability where RAKP authentication can leak HMAC data, enabling an attacker with IPMI network access to obtain password hashes and potentially hijack or replay BMC sessions. CERT notes that an unauthenticated attacker on the BMC network can predict session identi...

CVE-2013-4786

The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol RAKP authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC. Recent assessments: Assessed...

Fedora Update for ipmitool FEDORA-2011-17071

Check for the Version of ipmitool OpenVAS Vulnerability Test Fedora Update for ipmitool FEDORA-2011-17071 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

[SECURITY] Fedora 16 Update: ipmitool-1.8.11-8.fc16

This package contains a utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. This utility can communicate with IPMI-enabled devices through either a kernel...