EUVD-2012-1918

Malware in sbrugna...

GO-2023-1865 Vega's validators able to submit duplicate transactions in code.vegaprotocol.io/vega

Vega's validators able to submit duplicate transactions in code.vegaprotocol.io/vega...

PT-2023-31423 · Dalmann · Ocpp.Core

Name of the Vulnerable Software and Affected Versions: Dalmann OCPP.Core versions prior to 1.3.0 Description: An issue was discovered in Dalmann OCPP.Core for OCPP Open Charge Point Protocol for electric vehicles. It permits multiple transactions with the same connectorId and idTag, contrary to t...

GO-2023-1883 Denial of service via OOM in github.com/cometbft/cometbft

A bug in the CometBFT middleware causes the mempool's two data structures to fall out of sync. This can lead to duplicate transactions that cannot be removed, even after they are committed in a block. The only way to remove the transaction is to restart the node. This can be exploited by an...

GHSA-W24W-WP77-QFFM CometBFT may duplicate transactions in the mempool's data structures

Impact The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time in the sense that the map tracks the index if any of the transaction in the list. Unfortunately, it is possible to have...

CVE-2023-34451 CometBFT may duplicate transactions in the mempool's data structures

CometBFT is a Byzantine Fault Tolerant BFT middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time ...

PT-2023-24887 · Cometbft · Cometbft

Name of the Vulnerable Software and Affected Versions: CometBFT versions v0.34.28 and prior, v0.37.0, v0.37.1 Description: The mempool in CometBFT maintains two data structures, a list and a map, to track outstanding transactions. These data structures are supposed to be in sync, with the map...

Duplicate Transactions

code.vegaprotocol.io/vega is vulnerable to Duplicate Transactions. The vulnerability allows an attacker to trick a validator node into processing duplicate transactions, resulting in 50x deposit amount...

CVE-2023-35163 Vega's validators able to submit duplicate transactions

Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For exampl...

CVE-2023-35163 Vega's validators able to submit duplicate transactions

Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For exampl...

GHSA-8RC9-VXJH-QJF2 Vega's validators able to submit duplicate transactions

A vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party’s general account on Vega, can be re-processed 50 times resultin...

Information disclosure

The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service unspendable transaction by leveraging the ability to create a...

CVE-2012-1909

Removed by vendor...