35 matches found
CVE-2021-41135
The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includ...
EUVD-2022-6705
Malicious code in bioql PyPI...
EUVD-2024-48826
Malicious code in bioql PyPI...
CVE-2024-7998
In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan...
CVE-2024-48915
Agent Dart is an agent library built for Internet Computer for Dart and Flutter apps. Prior to version 1.0.0-dev.29, certificate verification in lib/agent/certificate.dart does not occur properly. During the delegation verification in the checkDelegation function, the canister_ranges aren't...
Agent Dart is missing certificate verification checks
Certificate verification in lib/agent/certificate.dart has been found to contain two issues: - During the delegation verification in the checkDelegation function the canister_ranges aren't verified. The impact of not checking the canister_ranges is that a subnet can sign canister responses on behalf of...
GHSA-FMJ7-7GFW-64PG Agent Dart is missing certificate verification checks
Certificate verification in lib/agent/certificate.dart has been found to contain two issues: - During the delegation verification in the checkDelegation function the canister_ranges aren't verified. The impact of not checking the canister_ranges is that a subnet can sign canister responses on behalf of...
CVE-2024-48915 Agent Dart missing certificate verification checks
Agent Dart is an agent library built for Internet Computer for Dart and Flutter apps. Prior to version 1.0.0-dev.29, certificate verification in lib/agent/certificate.dart does not occur properly. During the delegation verification in the checkDelegation function, the canister_ranges aren't...
CVE-2024-48915
Agent Dart (for Dart/Flutter) prior to version 1.0.0-dev.29 has certificate verification issues in lib/agent/certificate.dart. In _checkDelegation, canister_ranges are not verified, potentially allowing a subnet to sign canister responses on behalf of another subnet. The certificate’s /time path ...
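The missing canister_ranges check in the Agent Dart entries above, as an added Python model that is not Agent Dart code: the delegation, principal ids and the signature step are simplified stand-ins (the BLS check is a flag, principals are short byte strings) so that the range check itself can be run offline. The issue with the certificate's /time path is cut off above and is not modelled here.

```python
# Added illustration of the canister_ranges check from CVE-2024-48915.
# Not Agent Dart code: delegation, principals and the signature step are
# simplified stand-ins so the range check can be exercised offline.
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Delegation:
    subnet_id: bytes
    # Inclusive (start, end) pairs of canister principals this subnet may answer for.
    canister_ranges: List[Tuple[bytes, bytes]]
    # Assumption: the signature check over the delegation is modelled as a flag.
    signature_valid: bool


def canister_in_ranges(canister_id: bytes, ranges: List[Tuple[bytes, bytes]]) -> bool:
    """Principal ids are compared lexicographically as byte strings."""
    return any(start <= canister_id <= end for start, end in ranges)


def check_delegation_vulnerable(d: Delegation, canister_id: bytes) -> bool:
    # Mirrors the flaw: the delegation's signature is checked, the ranges are not,
    # so any subnet holding a valid delegation can answer for any canister.
    return d.signature_valid


def check_delegation_fixed(d: Delegation, canister_id: bytes) -> bool:
    # A delegation is only accepted for canisters inside the delegated ranges.
    return d.signature_valid and canister_in_ranges(canister_id, d.canister_ranges)


# Constructed sample: subnet A is delegated the principal range 000001..00007f.
SUBNET_A = Delegation(
    subnet_id=b"subnet-a",
    canister_ranges=[(bytes.fromhex("000001"), bytes.fromhex("00007f"))],
    signature_valid=True,
)
IN_RANGE = bytes.fromhex("000042")
OUT_OF_RANGE = bytes.fromhex("000105")  # hosted on some other subnet


def demo() -> dict:
    return {
        "vuln_in": check_delegation_vulnerable(SUBNET_A, IN_RANGE),
        "vuln_out": check_delegation_vulnerable(SUBNET_A, OUT_OF_RANGE),
        "fixed_in": check_delegation_fixed(SUBNET_A, IN_RANGE),
        "fixed_out": check_delegation_fixed(SUBNET_A, OUT_OF_RANGE),
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable variant accepts SUBNET_A's delegation for the out-of-range canister, which is exactly what lets one subnet sign responses on behalf of another; the fixed variant rejects it while still accepting the in-range id.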
CVE-2024-7998
CVE-2024-7998 affects Octopus Server where OIDC cookies used the wrong expiration time, potentially enabling longer-lived cookies. The CVSS 3.1 vector reports a Low base score (2.6) with NETWORK attack vector, HIGH complexity, and user interaction required. The available documents state the vulne...
PT-2024-38745 · Unknown · Octopus Server
Name of the Vulnerable Software and Affected Versions: Octopus Server (affected versions not specified). Description: The issue is related to OIDC cookies using the wrong expiration time, potentially resulting in them using the maximum lifespan. Recommendations: At the moment, there is no informatio...
BIT-TYPO3-2022-36106
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even ...
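The TYPO3 entry above describes a reset link whose expiry is carried but never evaluated. As an added example that is not TYPO3 code, the block below issues an HMAC-signed reset token with an embedded expiry and shows a redeem routine that only checks the signature next to one that also enforces the expiry; the token format, the key and the clock values are assumptions made for the example.

```python
# Added illustration of the failure in BIT-TYPO3-2022-36106: a signed reset
# token whose expiry field is never evaluated. Not TYPO3 code; token format,
# key and timestamps are assumptions for this example.
import base64
import hashlib
import hmac
import json
from typing import Optional

SECRET = b"example-only-secret"  # constructed; a real deployment uses a random key


def issue_reset_token(user_id: str, issued_at: int, ttl_seconds: int) -> str:
    payload = json.dumps({"uid": user_id, "exp": issued_at + ttl_seconds},
                         sort_keys=True, separators=(",", ":")).encode()
    mac = hmac.new(SECRET, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + mac


def _verified_payload(token: str) -> Optional[dict]:
    """Return the payload if the MAC is valid, None otherwise."""
    try:
        body, mac = token.split(".", 1)
        payload = base64.urlsafe_b64decode(body.encode())
    except ValueError:  # malformed token or bad base64 padding
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return None
    return json.loads(payload)


def redeem_vulnerable(token: str, now: int) -> Optional[str]:
    # Signature is checked; `exp` is present in the payload but never read,
    # so a captured link keeps working indefinitely.
    payload = _verified_payload(token)
    return payload["uid"] if payload else None


def redeem_fixed(token: str, now: int) -> Optional[str]:
    # Signature and expiry are both enforced.
    payload = _verified_payload(token)
    if payload is None or now >= payload["exp"]:
        return None
    return payload["uid"]


if __name__ == "__main__":
    tok = issue_reset_token("alice", 1_000_000, 3600)
    print(redeem_vulnerable(tok, 1_000_000 + 86_400), redeem_fixed(tok, 1_000_000 + 86_400))
```

Expiry enforcement is necessary but not sufficient for reset links: a real implementation also invalidates a token once it has been used or once a newer one is issued, which this example leaves out.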
CVE-2023-47628
DataHub is an open-source metadata platform. DataHub Frontend's sessions are configured using Play Framework's default settings for stateless session which do not set an expiration time for a cookie. Due to this, if a session cookie were ever leaked, it would be valid forever. DataHub uses a...
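The Octopus Server OIDC cookie entry (CVE-2024-7998) and the DataHub session cookie entry (CVE-2023-47628) above are both cases of a cookie lifetime that is unbounded or far longer than intended. As an added check that is not code from either project, the block below parses Set-Cookie headers and flags cookies with no Max-Age/Expires or with a lifetime beyond a policy ceiling; the eight-hour limit and the sample headers are constructed for the example.

```python
# Added audit helper for the cookie-lifetime class of issue in CVE-2024-7998
# and CVE-2023-47628. Not Octopus or DataHub code; the policy limit and the
# sample Set-Cookie headers are constructed for this example.
import email.utils
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

POLICY_MAX_LIFETIME = 8 * 3600  # assumption: eight-hour ceiling for session cookies


def parse_set_cookie(header: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a Set-Cookie header into (name, value, lower-cased attribute map)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def cookie_lifetime(attrs: Dict[str, str], now: datetime) -> Optional[int]:
    """Seconds until the browser discards the cookie; None when no expiry is set."""
    if "max-age" in attrs:  # Max-Age takes precedence over Expires (RFC 6265)
        return int(attrs["max-age"])
    if "expires" in attrs:
        expires = email.utils.parsedate_to_datetime(attrs["expires"])
        return int((expires - now).total_seconds())
    return None


def audit_cookie(header: str, now: datetime,
                 max_lifetime: int = POLICY_MAX_LIFETIME) -> List[str]:
    name, _, attrs = parse_set_cookie(header)
    findings: List[str] = []
    lifetime = cookie_lifetime(attrs, now)
    if lifetime is None:
        # A cookie with no expiry attribute is a browser-session cookie; if the
        # signed value inside also carries no expiry, a leaked copy stays valid.
        findings.append(f"{name}: no Max-Age/Expires; token validity is unbounded "
                        "unless the value itself expires")
    elif lifetime > max_lifetime:
        findings.append(f"{name}: lifetime {lifetime}s exceeds policy {max_lifetime}s")
    return findings


NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_HEADERS = [  # constructed
    "session=abc; Path=/; HttpOnly",
    "oidc_session=def; Max-Age=2592000; Path=/; Secure; HttpOnly",
    "sid=ghi; Expires=Mon, 01 Jan 2024 06:00:00 GMT; Path=/; Secure; HttpOnly",
]


def audit_all(headers: List[str], now: datetime) -> List[List[str]]:
    return [audit_cookie(h, now) for h in headers]


if __name__ == "__main__":
    for findings in audit_all(SAMPLE_HEADERS, NOW):
        print(findings or ["ok"])
```

Run this against the headers of a login response rather than against static configuration: the Octopus entry is precisely a case where the configured and the effective expiry diverged.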
CVE-2023-38698
The CVE-2023-38698 issue is a vulnerability in ENS:BaseRegistrarImplementation prior to 0.0.22 where an integer overflow in the renew function can be exploited by an attacker-controlled controller to shorten the expiration of a registrar name. The effect is that expiries[id] may overflow, allowin...
CVE-2023-38698 .eth registrar controller can shorten the duration of registered names
Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration...
Force Expiration Of Ethereum Name Service (ENS)
@ensdomains/ens-contracts is vulnerable to Force Expiration Of Ethereum Name Service ENS. The vulnerability exists due to the integer overflow in the renew function of BaseRegistrarImplementation.sol, which allows an attacker to reduce the expiration time of existing domains...
GHSA-RRXV-Q8M4-WCH3 .eth registrar controller can shorten the duration of registered names
Description According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled...
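The CVE-2023-38698 entries above describe an integer overflow in the registrar's renew function that lets a controller shorten a name's expiry. As an added model that is not the ENS contract code, the block below emulates uint256 addition in Python, computes the duration a malicious controller would pass to wrap the expiry to a chosen value, and shows the checked variant rejecting it; the expiry values are constructed.

```python
# Added model of the renew overflow in CVE-2023-38698 / GHSA-RRXV-Q8M4-WCH3.
# Not the ENS contract code: uint256 arithmetic is emulated in Python and the
# expiry values are constructed for the example.
UINT256_MOD = 2 ** 256


class Registrar:
    def __init__(self, expiries: dict):
        self.expiries = dict(expiries)  # name id -> unix expiry, as a uint256 holds it

    def renew_unchecked(self, name_id: int, duration: int) -> int:
        # Unchecked uint256 addition wraps modulo 2**256.
        self.expiries[name_id] = (self.expiries[name_id] + duration) % UINT256_MOD
        return self.expiries[name_id]

    def renew_checked(self, name_id: int, duration: int) -> int:
        # Fixed variant: refuse any duration whose addition would wrap, which is
        # what a checked add (or an explicit new_expiry > old_expiry require) gives.
        old_expiry = self.expiries[name_id]
        new_expiry = old_expiry + duration
        if new_expiry >= UINT256_MOD or new_expiry <= old_expiry:
            raise ValueError("renew: expiry overflow or zero duration")
        self.expiries[name_id] = new_expiry
        return new_expiry


def shortening_duration(current_expiry: int, target_expiry: int) -> int:
    """Duration a malicious controller passes so the wrapped sum lands on target_expiry."""
    return (target_expiry - current_expiry) % UINT256_MOD


CURRENT = 1_900_000_000  # constructed: a name expiring in 2030
TARGET = 1               # wrap it back to 1970, i.e. long expired
NAME_ID = 7


def demo() -> dict:
    evil = shortening_duration(CURRENT, TARGET)
    vulnerable = Registrar({NAME_ID: CURRENT})
    wrapped = vulnerable.renew_unchecked(NAME_ID, evil)

    fixed = Registrar({NAME_ID: CURRENT})
    rejected = False
    try:
        fixed.renew_checked(NAME_ID, evil)
    except ValueError:
        rejected = True
    honest = fixed.renew_checked(NAME_ID, 365 * 86_400)

    return {
        "evil_duration": evil,
        "wrapped_expiry": wrapped,
        "fixed_rejected": rejected,
        "fixed_expiry_after_reject": fixed.expiries[NAME_ID] if not rejected else CURRENT + 365 * 86_400,
        "honest_renew": honest,
    }


if __name__ == "__main__":
    print(demo())
```

The attacker-chosen duration is enormous rather than negative, which is why a plain "duration must be positive" check does not help; only detecting the wrap (or using checked arithmetic) preserves the documented invariant that controllers can extend but never reduce an expiry.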