Towards a Blockchain-Based CI/CD Framework to Enhance Security in Cloud Environments
Security is becoming a pivotal point in cloud platforms. Several divisions, such as business organisations, health care, government, etc., have experienced cyber-attacks on their infrastructures. This research focuses on security issues within Continuous Integration and Deployment (CI/CD) pipelines...
EUVD-2022-0124
Malicious code in bioql PyPI...
EUVD-2022-6271
Malicious code in bioql PyPI...
BIT-HYPERLEDGER-FABRIC-ORDERER-2022-31121 Improper Input Validation in fabric hyperledger
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...
BIT-HYPERLEDGER-FABRIC-TOOLS-2022-31121 Improper Input Validation in fabric hyperledger
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...
CVE-2023-46132
Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions...
Cross site scripting
Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions...
CVE-2023-46132
CVE-2023-46132 describes a cross-linking attack against Hyperledger Fabric blocks where transaction encodings can be manipulated without changing the block hash. The connected documents provide concrete technical details and fixes: Fabric blocks hash transactions by naive concatenation, allowing ...
CVE-2023-46132 Crosslinking transaction attack in hyperledger/fabric
Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions...
CVE-2022-31006
CVE-2022-31006 affects Hyperledger Indy’s indy-node server. In vulnerable versions, an attacker can exhaust the ledger’s allowed client connections, causing a denial of service where the ledger remains functionally operable but unavailable to others until the attack ends. The impact is availabili...
Indy Node resource management error vulnerability
Indy Node is the server part of a distributed ledger open-sourced by Hyperledger in the United States, built specifically for decentralized identities. Indy Node suffers from a resource management error vulnerability that stems from the fact that an attacker can use the guidance provided in the...
Remote code execution
Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the pool-upgrade request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The pool-upgrade request...
PYSEC-2022-265
Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the pool-upgrade request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The pool-upgrade request...
CVE-2022-31020
Hyperledger Indy-Node (server portion of the Indy ledger) contains a remote code execution vulnerability in the pool-upgrade request handler for versions ≤ 1.12.4. An attacker could remotely execute code on nodes in the network due to improper authentication of pool-upgrade transactions. Indy-Nod...
CVE-2022-31121 Improper Input Validation in fabric hyperledger
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...
CVE-2022-31121
Hyperledger Fabric vulnerability CVE-2022-31121 affects Fabric's orderer component. In affected versions, if a consensus client sends a malformed consensus request to an orderer, the orderer may crash. A fix was added in commit 0f1835949 that validates missing consensus messages and returns an er...
‘Ice phishing’ on the blockchain
The technologies that connect us are continually advancing, and while this brings tremendous new capabilities to users, it also opens new attack surfaces for adversaries and abusers. Social engineering represents a class of threats that has extended to virtually every technology that enables huma...
Denial of Service Vulnerability in Hyperledger Fabric
Hyperledger Fabric is an open source, enterprise-class, permissioned distributed ledger platform. A denial of service vulnerability exists in Hyperledger Fabric, which can be exploited by an attacker to cause a denial of service...
Illegal Content and the Blockchain
Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to go for instructions, the botnet is rendered useless. But over the years, botnet designers have...