Lucene search
K

7 matches found

CNNVD
CNNVD
added 2024/12/09 12:0 a.m.7 views

Motoko 安全漏洞

Motoko is a secure, simple, participant-based programming language open-sourced by DFINITY for building Internet Computer ICP jar smart contracts. Motoko has a security vulnerability that stems from the incremental garbage collector containing an uninitialized memory access error...

6.5CVSS6.8AI score0.00238EPSS
Exploits0References2
HackRead
HackRead
added 2024/07/03 3:59 p.m.127 views

UN and DFINITY Partner on MSME Blockchain Project for Secure Funding

United Nations Development Programme UNDP Partners with the DFINITY Foundation to Enhance Financial Inclusion of MSMEs!...

7.3AI score
Exploits0
OSV
OSV
added 2024/02/26 8:10 p.m.16 views

GHSA-84C3-J8R2-MCM8 @nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys

Problem User sessions in the @nfid/embed SDK with Ed25519 keys are vulnerable due to a compromised private key 535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe. This exposes users to potential loss of funds on ledgers and unauthorized access to canisters they control. Solution Usin...

9.1CVSS7AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/02/26 8:10 p.m.23 views

@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys

Problem User sessions in the @nfid/embed SDK with Ed25519 keys are vulnerable due to a compromised private key 535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe. This exposes users to potential loss of funds on ledgers and unauthorized access to canisters they control. Solution Usin...

7AI score
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2024/02/21 2:54 a.m.6 views

@bundly/ic-core-js (>=0.1.0 <=0.4.2-rc.4), @bundly/ic-react (>=0.1.0 <=0.4.2-rc.4) +10 more potentially affected by CVE-2024-1631 via @dfinity/auth-client (>=0.20.2 <=0.9.3)

@dfinity/auth-client NPM version =0.20.2, =0.1.0, =0.1.0, =0.1.1, =0.0.2, =0.0.1, =0.0.1, =0.0.3, =0.0.2, =0.0.38-next-2023-12-19, =0.0.1, =0.0.7 Source cves: CVE-2024-1631 Source advisory: OSV:GHSA-C9VV-FHGV-CJC3...

9.1CVSS7.2AI score0.00882EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/02/21 2:54 a.m.4 views

@bundly/ic-core-js (>=0.1.0 <=0.4.2-rc.4), @bundly/ic-react (>=0.1.0 <=0.4.2-rc.4) +29 more potentially affected by CVE-2024-1631 via @dfinity/identity (>=0.20.2 <=0.9.3)

@dfinity/identity NPM version =0.20.2, =0.1.0, =0.1.0, =0.1.1, =0.0.2, =0.8.5, =0.8.0, =0.8.4, =0.1.8, =0.1.11, =1.0.0-alpha.0, =1.7.0, =0.0.1, =0.0.1, =0.0.4, =0.0.5-fix6 and more Source cves: CVE-2024-1631 Source advisory: OSV:GHSA-C9VV-FHGV-CJC3...

9.1CVSS7.2AI score0.00882EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.6 views

PT-2024-18179

Name of the Vulnerable Software and Affected Versions @dfinity/identity versions prior to 1.0.1 Description The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret...

9.1CVSS9.1AI score0.00882EPSS
Exploits1References15
Rows per page
Query Builder