Lucene search
K

180 matches found

Positive Technologies
Positive Technologies
added 2024/10/25 12:0 a.m.7 views

PT-2024-12089 · Ipfs +1 · Ipfs +1

Name of the Vulnerable Software and Affected Versions: go-libp2p-kad-dht versions 0.20.0 and earlier IPFS versions 0.18.1 and earlier Description: The issue allows an attacker to censor content in the InterPlanetary File System IPFS by exploiting the Kademlia DHT. This is done by generating many...

9.8CVSS5.9AI score0.89633EPSS
Exploits15References31
OSV
OSV
added 2024/08/21 3:29 p.m.15 views

GO-2022-0873 Control character injection in console output in github.com/ipfs/go-ipfs

Control character injection in console output in github.com/ipfs/go-ipfs...

8.8CVSS8.8AI score0.01501EPSS
Exploits0References4
OSV
OSV
added 2024/08/21 3:28 p.m.20 views

GO-2022-0779 Path traversal in github.com/ipfs/go-ipfs

Path traversal in github.com/ipfs/go-ipfs...

8.1CVSS8AI score0.01699EPSS
Exploits0References4
OSV
OSV
added 2024/08/21 3:11 p.m.6 views

GO-2022-0418 Opened exploitable ports in default docker-compose.yaml in go-ipfs in github.com/ipfs/go-ipfs

Opened exploitable ports in default docker-compose.yaml in go-ipfs in github.com/ipfs/go-ipfs...

7.1AI score
Exploits0References4
OSV
OSV
added 2024/06/04 3:19 p.m.37 views

GO-2024-2779 Access Restriction Bypass in go-ipfs in github.com/ipfs/go-ipfs

Access Restriction Bypass in go-ipfs in github.com/ipfs/go-ipfs...

7.5CVSS7.5AI score0.01147EPSS
Exploits0References4
Veracode
Veracode
added 2024/04/25 6:20 a.m.16 views

Improper Access Control

github.com/ipfs/kubo/ is vulnerable to Improper Access Control. The vulnerability is due to the ability of an attacker to generate ephemeral identities, allowing them to exploit the IPFS connection management reputation system. This enables the attacker to poison other nodes' routing tables,...

7.5CVSS7.5AI score0.01147EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2024/04/24 8:1 p.m.39 views

GHSA-R23H-3JMW-Q7HR Access Restriction Bypass in go-ipfs

An issue was discovered in IPFS aka go-ipfs 0.4.23. An attacker can generate ephemeral identities Sybils and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later...

7.5CVSS7.4AI score0.01147EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/04/24 8:1 p.m.14 views

Access Restriction Bypass in go-ipfs

An issue was discovered in IPFS aka go-ipfs 0.4.23. An attacker can generate ephemeral identities Sybils and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later...

7.5CVSS7AI score0.01147EPSS
Exploits0References4Affected Software1
Chainguard
Chainguard
added 2023/10/16 2:1 p.m.43 views

GHSA-RCJV-MGP8-QVMR vulnerabilities

Vulnerabilities for packages: metrics-server-fips, caddy, k3s, cert-manager, prometheus-adapter, rancher-webhook, buildkitd, kubevela, rancher-webhook-fips, kubernetes-fips, kubernetes, kube-oidc-proxy, up...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2023/10/12 5:15 p.m.38 views

CVE-2023-45142 vulnerabilities

Vulnerabilities for packages: metrics-server-fips, caddy, k3s, cert-manager, prometheus-adapter, rancher-webhook, buildkitd, kubevela, rancher-webhook-fips, kubernetes-fips, kubernetes, kube-oidc-proxy, up...

7.5CVSS7AI score0.01364EPSS
Exploits0
Wolfi
Wolfi
added 2023/10/12 5:15 p.m.100 views

CVE-2023-45142 vulnerabilities

Vulnerabilities for packages: kubevela, up, kubernetes, prometheus-adapter, caddy, buildkitd, k3s...

7.5CVSS7.1AI score0.01364EPSS
Exploits0
NVD
NVD
added 2023/08/25 9:15 p.m.38 views

CVE-2023-40583

libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and...

7.5CVSS7.5AI score0.00772EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2023/06/19 7:46 p.m.6 views

4337-snap (>=0.1.0 <=0.1.1), @0xflair/contracts-registry (>=0.107.10 <=0.123.2) +336 more potentially affected by CVE-2023-34459 via @openzeppelin/contracts-upgradeable (>=4.7.0 <=4.8.3)

@openzeppelin/contracts-upgradeable NPM version =4.7.0, =0.1.0, =0.107.10, =1.9.0, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.107.0, =0.107.0, =0.107.0, =4.0.0, =2.0.0, =3.1.0 - @abheektripathy/nftpass =1.1.0 and more Source cves: CVE-2023-34459 Source advisory:...

5.9CVSS6.2AI score0.00371EPSS
Exploits0
OSV
OSV
added 2023/06/14 5:22 p.m.21 views

GO-2023-1766 Denial of service from memory leak in github.com/ipfs/go-libipfs

An attacker can cause a Bitswap server to allocate and leak unbounded amounts of memory...

8.2CVSS7.5AI score0.00856EPSS
Exploits0References1
HackRead
HackRead
added 2023/05/30 10:24 p.m.9 views

Web3 Needs A Truly Decentralized Infrastructure That IPFS Alone Cannot Deliver

By Waqas Web3, the next evolution of the internet, requires a truly decentralized infrastructure that goes beyond what IPFS InterPlanetary File System can offer on its own. This is a post from HackRead.com Read the original post: Web3 Needs A Truly Decentralized Infrastructure That IPFS Alone...

7AI score
Exploits0
Veracode
Veracode
added 2023/05/15 3:8 a.m.21 views

Denial Of Service (DoS)

github.com/ipfs/boxo is vulnerable to Denial of Service DoS attacks. By making requests for WANTBLOCK and/or WANTHAVE, which are persistent even if the connection is terminated, an attacker is able to allocate an undetermined number of bytes in the server...

8.2CVSS6.8AI score0.00856EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2023/05/11 8:40 p.m.21 views

GHSA-QVQG-6RP8-4P9H github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak

Impact An attacker is able allocate arbitrarily many bytes in the Bitswap server by sending many WANTBLOCK and or WANTHAVE requests which are queued in an unbounded queue, with allocations that persist even if the connection is closed. This affects users accepting or connecting untrusted...

5.3CVSS7.6AI score0.00856EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/05/11 8:40 p.m.39 views

github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak

Impact An attacker is able allocate arbitrarily many bytes in the Bitswap server by sending many WANTBLOCK and or WANTHAVE requests which are queued in an unbounded queue, with allocations that persist even if the connection is closed. This affects users accepting or connecting untrusted...

8.2CVSS6.2AI score0.00856EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/05/11 8:39 p.m.14 views

GHSA-Q3J6-22WF-3JH9 github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak

This package has been moved to github.com/ipfs/boxo/bitswap, this vulnerability is tracked there: https://github.com/ipfs/boxo/security/advisories/GHSA-m974-xj4j-7qv5 CVE-2023-25568 Remediation This is a two step process: 1. Apply one of: - recommended upgrade from github.com/ipfs/go-bitswap to...

7.5CVSS7.6AI score0.00856EPSS
Exploits0References7
NVD
NVD
added 2023/05/10 2:15 p.m.56 views

CVE-2023-25568

Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...

8.2CVSS8.2AI score0.00856EPSS
Exploits0References4
Rows per page
Query Builder