Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression enabled, a buffer underrun can be caused by a remote peer. The underrun always writes a constant value that is not attacker-controlled, likely resulting in a crash, enabling a remote denial-of-service attack. Most Cap'n Proto and KJ users are unlikely to have this functionality enabled and so are unlikely to be affected.

It is due to XML-RPC, which is no longer maintained, still being present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10.

A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands by sending a crafted RPC request.

A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands by sending a crafted RPC request.

An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect against undesired MUNGE credential reuse.

There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks.