14 matches found
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...
PYSEC-2026-1306 Reverb use after free vulnerability
There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance...
MAL-2026-6472 Malicious code in tailwindcss-effector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4780f88b1924c1d5104a4ea18803a0180e9339e5c9a9bf787f9ed4901e1729e3 src/index.js appends a heavily obfuscated async IIFE after a legitimate-looking TailwindCSS plugin. On import, the IIFE issues HTTPS requests to remo...
EUVD-2022-7353
Malicious code in bioql PyPI...
Incorrect Validation
github.com/cometbft/cometbft/light is vulnerable to Incorrect Validation. The vulnerability is due to incomplete validation of the ProposerPriority field in the ValidatorSet retrieved from RPC endpoints, which can lead to inconsistencies in the proposer selection algorithm and potentially cause t...
CometBFT's state syncing validator from malicious node may lead to a chain split
Name: ASA-2024-009: State syncing validator from malicious node may lead to a chain split Component: CometBFT Criticality: Medium ACMv1.2: I:Moderate; L: Possible Affected versions: = 0.34.0, =0.37.0, = 0.38.0, = 0.38.11 Summary The state sync protocol retrieves a snapshot of the application and...
BIT-CONSUL-2022-3920 Consul Peering Imported Nodes/Services Leak
HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0...
Design/Logic Flaw
HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0...
CVE-2022-3920 Consul Peering Imported Nodes/Services Leak
HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0...
CVE-2022-28372
The CVE-2022-28372 entry describes a vulnerability in Verizon 5G Home LVSKIHP devices (IDU 3.4.66.162 and ODU 3.33.101.0). The CRTC and ODU RPC endpoints allow provisioning a firmware update via crtc_fw_upgrade or crtcfwimage; the provided URL is not validated, enabling arbitrary file upload to t...
PT-2022-18980 · Verizon · Verizon 5G Home Lvskihp Outdoorunit
Name of the Vulnerable Software and Affected Versions: Verizon 5G Home LVSKIHP InDoorUnit IDU version 3.4.66.162 Verizon 5G Home LVSKIHP OutDoorUnit ODU version 3.33.101.0 Description: The CRTC and ODU RPC endpoints rely on a static certificate for access control, which is embedded in the firmwar...
Apache Ozone has an unspecified vulnerability (CNVD-2021-91626)
Apache Ozone is an application. A scalable, redundant and distributed object store for Hadoop and cloud-native environments. Apache Ozone version 1.2.0 has a security vulnerability that stems from various internal server-to-server RPC endpoints that can be used to connect, and an attacker can...
GHSA-3W5H-X4RH-HC28 Exposure of sensitive information in Apache Ozone
In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...
Exposure of sensitive information in Apache Ozone
In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...