Parity replied to Cisco's vulnerability report

According to the representatives of Parity, vulnerabilities are fixed
12 January 2018   1328

Parity Technologies said that the vulnerabilities found by the Cisco Systems Inc. have been fixed in new versions of the Ethereum client software.

As stated in the developers' statement, the JSON-RPC interface, which supports the function of cross-domain requests, could really provide attackers with public information about an account to create an application for "undesirable transactions" and provide these transactions for signature to the user.

However, the company emphasizes, a potential leak of information could not contain confidential information, including private keys. All problems associated with the JSON-RPC interface have been fixed in the latest Parity software updates.

In addition, developers have changed the basic settings of the function of cross-domain requests in order to avoid information leakage. Now users must manually add secure domains to the whitelist in order to allow Parity software to interact with them.

Parity wallet is well known in cryptocurrency world. In July, hackers stole millions of dollars thru the vulnerability, which was fixed in few lines or code. In November, 513774.16 ETH got "froze".

Parity to Fix Serious Vulnerability

An error that could shut down the computers with ETH nodes was reported by the vice president of blockchain development at Amberdata
30 August 2019   483

Parity Technologies released a new version of the client that fixed a bug that could shut down computers running Ethereum nodes.

The first to discover the vulnerability and report it to Parity was Scott Bigelow, vice president of blockchain development at Amberdata analytic startup. According to him, only a small part of Parity's customers are at risk.

There was a vulnerability that [if exploited] would cause an immediate crash of the Parity client for all its services. There is no possibility to steal funds or do other malicious things but you could shut down some portion of ethereum nodes.
 

Scott Bigelow

Vice president of blockchain development,  Amberdata

Parity Technologies encouraged users to upgrade their clients to the latest version as soon as possible, especially those where the publicly available RPC and transaction history tracking module are activated.

Remote Procedure Call (RPC) is a protocol that allows you to request program data on third-party servers. In the blockchain industry, it is used to obtain information on balances at addresses, block numbers, and other information.

To date, the Parity client uses about 21% of nodes in the Ethereum network (3257, according to EtherNodes).