222 matches found
CVE-2021-43667
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any...
Hyperledger Fabric Environment Issue Vulnerability
Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used for developing solutions and applications. A security vulnerability exists in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0, which can be exploited by an attacker by constructing a message whose header is...
Hyperledger Fabric Code Issue Vulnerability
Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used to develop solutions and applications. A code issue vulnerability exists in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0, which can be exploited by an attacker by constructing a message with a payload of zero and...
@biconomy/hyphen-contracts (=1.0.4), @bobanetwork/contracts (=0.0.2) +17 more potentially affected by unknown CVE via @openzeppelin/contracts-upgradeable (>=4.2.0 <=4.3.2)
@openzeppelin/contracts-upgradeable NPM version =4.2.0, =0.0.1, =0.5.0, =3.4.0, =1.1.2, =1.0.1, =1.1.2, =1.0.0, =0.8.1-pr-brioux-1333.92b26c3a.36, =1.0.5, =2.3.0, =2.0.0, =3.0.0-beta, =3.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-WMPV-C2JP-J2XG...
CWE-379 in fabric-sdk-rest version All released versions (project is now archived)
In Hyperledger fabric-sdk-rest (all released versions; the project is now archived), a CWE-379 issue exists in the packages/fabric-rest/fabric-rest-server script that can be attacked via a local vector, resulting in file overwrite from a privileged user...
GSD-2021-1000003 CWE-379 in fabric-sdk-rest version All released versions (project is now archived)
In Hyperledger fabric-sdk-rest (all released versions; the project is now archived), a CWE-379 issue exists in the packages/fabric-rest/fabric-rest-server script that can be attacked via a local vector, resulting in file overwrite from a privileged user...
Denial of Service Vulnerability in Hyperledger Fabric
Hyperledger Fabric is the open source, enterprise-class, distributed ledger platform with permissions. A denial of service vulnerability exists in Hyperledger Fabric, which can be exploited by an attacker to cause a denial of service...
CVE-2021-21369
Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API service, then prio...
Heap overflow
Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API service, then prio...
CVE-2021-21369 Potential DoS in Besu HTTP JSON-RPC API
Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API service, then prio...
CVE-2021-21369
Hyperledger Besu (Java) prior to v1.5.1 is affected by a denial‑of‑service in the HTTP JSON‑RPC API when HTTP auth is enabled. The vulnerability arises because a login step to obtain a JWT is required before API calls, and an attacker can overload the login endpoint with invalid passwords. Passwo...
Matkt Hyperledger Besu Resource Management Error Vulnerability
Matkt Hyperledger Besu is an open source application from Matkt. It is used to run, maintain, debug and monitor nodes in the Ethereum network. Hyperledger Besu suffers from a security vulnerability that stems from the fact that a single user can easily reload the login endpoint with an invalid...
CVE-2020-11093
Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the...
PYSEC-2020-48
Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the...
Design/Logic Flaw
Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the...
CVE-2020-11093
Hyperledger Indy Node (server for decentralized identity) prior to version 1.12.4 suffers from lack of signature verification on a specific transaction (nym update). The flaw allows any DID to request a nym update for another DID without changing its own ROLE or VERKEY, regardless of sender. Cons...
CVE-2020-11093 Authorization bypass in Hyperledger Indy
Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the...