223 matches found
EUVD-2021-8681
Malicious code in bioql PyPI...
EUVD-2024-0310
Malicious code in bioql PyPI...
EUVD-2022-5370
Malicious code in bioql PyPI...
Decentralized COVID-19 Health System Leveraging Blockchain
With the development of the Internet, the amount of data generated by the medical industry each year has grown exponentially. The Electronic Health Record EHR manages the electronic data generated during the user's treatment process. Typically, an EHR data manager belongs to a medical institution...
CVE-2024-45244
Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window...
CVE-2023-46132
Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions...
CVE-2022-45196
Hyperledger Fabric 2.3 allows attackers to cause a denial of service orderer crash by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist...
CVE-2021-21369
Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API service, then prio...
CVE-2021-43667
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any...
Comparative Analysis of Blockchain Systems
Blockchain is a type of decentralized distributed database. Unlike traditional relational database management systems, it does not require management or maintenance by a third party. All data management and update processes are open and transparent, solving the trust issues of centralized databas...
CVE-2025-30147
Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles ALTBN128ADD 0x06,...
CVE-2025-30147
Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles ALTBN128ADD 0x06,...
Hyperledger Besu 安全漏洞
Hyperledger Besu is a Hyperledger open source application. It is used to run, maintain, debug and monitor nodes in the Ethernet network. A security vulnerability exists in Hyperledger Besu versions 24.7.1 through 25.2.2, which stems from a precompiled implementation issue that could lead to a...
PT-2025-20289 · Hyperledger · Hyperledger Besu +1
Name of the Vulnerable Software and Affected Versions: Hyperledger Besu versions 24.7.1 through 25.2.2 besu-native versions 0.9.0 through 1.2.1 Description: The issue concerns a potential consensus bug in the precompiles ALTBN128 ADD 0x06, ALTBN128 MUL 0x07, and ALTBN128 PAIRING 0x08 due to the u...
Decentralized Vulnerability Disclosure Via Permissioned Blockchain: a Secure, Transparent Alternative to Centralized CVE Management
This paper proposes a decentralized, blockchain-based system for the publication of Common Vulnerabilities and Exposures CVEs, aiming to mitigate the limitations of the current centralized model primarily overseen by MITRE. The proposed architecture leverages a permissioned blockchain, wherein on...
A Blockchain-Based Approach for Secure and Transparent E-Faktur Issuance in Indonesia'S VAT Reporting System
The implementation of blockchain technology in tax administration offers promising improvements in security, transparency, and efficiency. This paper presents the design of a blockchain-based e-Faktur system aimed at addressing the challenges of issuing and verifying tax invoices within Indonesia...
Adversary-Augmented Simulation for Fairness Evaluation and Defense in Hyperledger Fabric
This paper presents an adversary model and a simulation framework specifically tailored for analyzing attacks on distributed systems composed of multiple distributed protocols, with a focus on assessing the security of blockchain networks. Our model classifies and constrains adversarial actions...
PT-2025-29823
Name of the Vulnerable Software and Affected Versions: Lighthouse Studio versions prior to 9.16.14 Description: A template injection vulnerability exists in Lighthouse Studio’s Perl web application ciwweb.pl. Exploitation allows an unauthenticated attacker to execute arbitrary commands on the web...
Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2025-25283
Summary parse-duration-1.1.0.tgz is used by IBM Support for Hyperledger Fabric Console. Vulnerability Details CVEID:CVE-2025-25283 DESCRIPTION: parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop...
Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2024-52798
Summary path-to-regexp-0.1.10.tgz is used by IBM Support for Hyperledger Fabric Console. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to...