35 matches found
CVE-2025-25279
Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards, which allows an attacker to read any arbitrary file on the system via importing and exporting a specially crafted import archive in Boards...
btcd security vulnerability
btcd is an open-source alternative full-node Bitcoin implementation written in Go (golang). A security vulnerability exists in btcd versions 0.10 through 0.24, which stems from a failure to properly reimplement the FindAndDelete functionality of Bitcoin Core, causing the btcd clie...
Cross site scripting
Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules with one another, called "cross-linking", results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions...
PT-2023-24890 · Multiversx · Mx-Chain-Go
Name of the Vulnerable Software and Affected Versions: mx-chain-go versions prior to 1.4.17. Description: The issue occurs when executing a relayed transaction in mx-chain-go, the official implementation of the MultiversX blockchain protocol. If the inner transaction fails, it increases the inner...
Denial Of Service (DoS)
github.com/btcsuite/btcd and github.com/lightningnetwork/lnd are vulnerable to denial of service. The vulnerability exists due to improper validation of blocks in msgtx.go, which allows an attacker to crash the node on block validation...
GHSA-4G52-PQCJ-PHVH BLS Signature "Malleability"
Impact 1. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms - "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays. 2. Lotus block validation functions perform a uniquenes...
CVE-2021-21405 BLS Signature "Malleability"
Lotus is an implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays...
CVE-2021-21405
CVE-2021-21405 concerns Lotus, a Go implementation of the Filecoin protocol. The issue arises from BLS signature validation that uses the blst VerifyCompressed method, which accepts signatures in two forms: “serialized” and “compressed.” Because the block header CID embeds the BlockSig, Lotus pre...
Łukasz Magiera lotus data forgery vulnerability
Łukasz Magiera lotus is an open source implementation of the Filecoin distributed storage network by Łukasz Magiera. Lotus has a security vulnerability: the Lotus block validation function performs a uniqueness check on the supplied block...
USN-4221-1 libpcap vulnerability
It was discovered that libpcap did not properly validate PHB headers in some situations. An attacker could use this to cause a denial of service (memory exhaustion)...
UBUNTU-CVE-2018-1093
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers...
MGASA-2017-0065 Updated kernel-linus fixes security vulnerabilities
This kernel-linus update is based on upstream 4.4.50 and fixes at least the following security issues: The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access t...
DEBIAN-CVE-2016-10208
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image...
UBUNTU-CVE-2013-1819
The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesyst...