11/9/2023

Twonky server serial

There are 568 CVE Records that match your search.

Name, Description

CVE-2023-24576: EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges.

CVE-2022-47514: An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request.

CVE-2022-46478: The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data.

CVE-2022-46149: Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proto prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error handling list-of-list. This issue may lead someone to remotely segfault a peer by sending it a malicious message, if the victim performs certain actions on a list-of-pointer type. Exfiltration of memory is possible if the victim performs additional certain actions on a list-of-pointer type. To be vulnerable, an application must perform a specific sequence of actions, described in the GitHub Security Advisory. The bug is present in inlined code, therefore the fix will require rebuilding dependent applications. The `capnp` Rust crate has fixes available in versions 0.13.7, 0.14.11, and 0.15.2.

CVE-2022-43945: The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-40716: HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2.

CVE-2022-39389: Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version `v0.15.4` are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments and forward HTLCs, and close out channels. Opening channels is prohibited, and also on chain transaction events will be undetected. This can cause loss of funds if a CSV expiry is researched during a breach attempt or a CLTV delta expires forgetting the funds in the HTLC. A patch is available in `lnd` version 0.15.4. Users unable to upgrade may use the `lncli updatechanpolicy` RPC call to increase their CLTV value to a very high amount or increase their fee policies. This will prevent nodes from routing through your node, meaning that no pending HTLCs can be present.

CVE-2022-3920: HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI.