19 matches found
EUVD-2025-29384
Malicious code in bioql PyPI...
EUVD-2022-7774
Malicious code in bioql PyPI...
EUVD-2025-19055
Malicious code in bioql PyPI...
CVE-2025-5087
Kaleris NAVIS N4 ULC Ultra Light Client communicates insecurely using zlib-compressed data over HTTP. An attacker capable of observing network traffic between Ultra Light Clients and N4 servers can extract sensitive information, including plaintext credentials...
CVE-2025-5087
Kaleris NAVIS N4 ULC Ultra Light Client communicates insecurely using zlib-compressed data over HTTP. An attacker capable of observing network traffic between Ultra Light Clients and N4 servers can extract sensitive information, including plaintext credentials...
CVE-2025-5087
CVE-2025-5087 affects Kaleris NAVIS N4 ULC (Ultra Light Client). The connected documents describe an unsafe Java deserialization vulnerability and insecure transmission of zlib-compressed data over HTTP, enabling an attacker who can observe traffic between Ultra Light Clients and N4 servers to ex...
CVE-2022-23507
Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Versions prior to 0.28.0 contain a potential attack via Improper Verification of Cryptographic Signature, affecting anyone using the tendermint-light-client and related packages to perform ligh...
GHSA-6JRF-4JV4-R9MW tendermint-rs's Light Client Verifier allows malicious validators to spoof votes from other validators
Name: ISA-2025-003: Malicious validator can spoof votes from other validators Component: tendermint-rs Criticality: High Catastrophic Impact; Rare Likelihood per ACMv1.2 Affected versions: = v0.40.2 Affected users: Everyone Description tendermint-rs contains a critical vulnerability in its light...
tendermint-rs's Light Client Verifier allows malicious validators to spoof votes from other validators
Name: ISA-2025-003: Malicious validator can spoof votes from other validators Component: tendermint-rs Criticality: High Catastrophic Impact; Rare Likelihood per ACMv1.2 Affected versions: = v0.40.2 Affected users: Everyone Description tendermint-rs contains a critical vulnerability in its light...
PT-2025-15899 · Crates.Io · Tendermint-Light-Client-Verifier
Name: ISA-2025-003: Malicious validator can spoof votes from other validators Component: tendermint-rs Criticality: High Catastrophic Impact; Rare Likelihood per ACMv1.2 Affected versions: = v0.40.2 Affected users: Everyone Description tendermint-rs contains a critical vulnerability in its light...
ISLOnline ISL Light Client Installed (Linux)
Binary data islonlineisllightclientnixinstalled.nbin...
ISLOnline ISL Light Client Installed (Windows)
Binary data islonlineisllightclientwininstalled.nbin...
ISLOnline ISL Light Client Installed (macOS)
Binary data islonlineisllightclientmacinstalled.nbin...
CVE-2022-23507 Light client verification not taking into account chain ID
Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Versions prior to 0.28.0 contain a potential attack via Improper Verification of Cryptographic Signature, affecting anyone using the tendermint-light-client and related packages to perform ligh...
CVE-2022-23507 Light client verification not taking into account chain ID
Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Versions prior to 0.28.0 contain a potential attack via Improper Verification of Cryptographic Signature, affecting anyone using the tendermint-light-client and related packages to perform ligh...
Tendermint 数据伪造问题漏洞
Tendermint is a Byzantine Fault Tolerant BFT style middleware from Tendermint Corporation. A data forgery issue vulnerability exists in versions of Tendermint prior to 0.28.0, which stems from a potential attack that includes verification via incorrect cryptographic signatures and affects anyone...
GHSA-XQQC-C5GW-C5R5 Tendermint light client verification not taking into account chain ID
Impact Anyone using the tendermint-light-client and related packages to perform light client verification e.g. IBC-rs, Hermes. At present, the light client does not check that the chain IDs of the trusted and untrusted headers match, resulting in a possible attack vector where someone who finds a...
Tendermint light client verification not taking into account chain ID
Impact Anyone using the tendermint-light-client and related packages to perform light client verification e.g. IBC-rs, Hermes. At present, the light client does not check that the chain IDs of the trusted and untrusted headers match, resulting in a possible attack vector where someone who finds a...
PT-2022-16039 · Unknown · Tendermint
Name of the Vulnerable Software and Affected Versions: Tendermint versions prior to 0.28.0 Description: The issue concerns a potential attack via improper verification of cryptographic signatures, affecting users of the tendermint-light-client and related packages for light client verification. T...