11 matches found
EUVD-2022-7353
Malicious code in bioql PyPI...
Incorrect Validation
github.com/cometbft/cometbft/light is vulnerable to Incorrect Validation. The vulnerability is due to incomplete validation of the ProposerPriority field in the ValidatorSet retrieved from RPC endpoints, which can lead to inconsistencies in the proposer selection algorithm and potentially cause t...
CometBFT's state syncing validator from malicious node may lead to a chain split
Name: ASA-2024-009: State syncing validator from malicious node may lead to a chain split. Component: CometBFT. Criticality: Medium. ACMv1.2: I:Moderate; L: Possible. Affected versions: = 0.34.0, =0.37.0, = 0.38.0, = 0.38.11. Summary: The state sync protocol retrieves a snapshot of the application and...
BIT-CONSUL-2022-3920 Consul Peering Imported Nodes/Services Leak
HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0...
Design/Logic Flaw
HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0...
CVE-2022-3920 Consul Peering Imported Nodes/Services Leak
HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0...
CVE-2022-28372
The CVE-2022-28372 entry describes a vulnerability in Verizon 5G Home LVSKIHP devices (IDU 3.4.66.162 and ODU 3.33.101.0). The CRTC and ODU RPC endpoints allow provisioning a firmware update via crtc_fw_upgrade or crtcfwimage; the provided URL is not validated, enabling arbitrary file upload to t...
PT-2022-18980 · Verizon · Verizon 5G Home Lvskihp Outdoorunit
Name of the Vulnerable Software and Affected Versions: Verizon 5G Home LVSKIHP InDoorUnit IDU version 3.4.66.162; Verizon 5G Home LVSKIHP OutDoorUnit ODU version 3.33.101.0. Description: The CRTC and ODU RPC endpoints rely on a static certificate for access control, which is embedded in the firmwar...
Apache Ozone has an unspecified vulnerability (CNVD-2021-91626)
Apache Ozone is a scalable, redundant and distributed object store for Hadoop and cloud-native environments. Apache Ozone version 1.2.0 has a security vulnerability that stems from various internal server-to-server RPC endpoints being available for connections, and an attacker can...
GHSA-3W5H-X4RH-HC28 Exposure of sensitive information in Apache Ozone
In Apache Ozone versions prior to 1.2.0, various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...
Exposure of sensitive information in Apache Ozone
In Apache Ozone versions prior to 1.2.0, various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...