Charting the Uncharted: the Landscape of Monero Peer-To-Peer Network

The Monero blockchain enables anonymous transactions through advanced cryptography in its peer-to-peer network, which underpins decentralization, security, and trustless interactions. However, privacy measures obscure peer connections, complicating network analysis. This study proposes a method t...

How Bitcoin’s digital signature feature facilitates Web3 adoption

Bitcoin is a pioneer in technological advancement and decentralization. As its creator states in the white paper, peer-to-peer…...

CVE-2024-52922

In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification...

ROS-20240805-03

Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...

IBM Sterling Connect:Direct Encryption Issue Vulnerability

IBM Sterling Connect:Direct is a file-based, peer-to-peer file transfer solution from International Business Machines IBM. IBM Sterling Connect:Direct suffers from an encryption issue vulnerability that stems from the use of weak encryption algorithms, which could be exploited by an attacker to...

[SECURITY] Fedora 37 Update: bitcoin-core-24.1-1.fc37

Bitcoin is a digital cryptographic currency that uses peer-to-peer technology to operate with no central authority or banks; managing transactions and the issuing of bitcoins is carried out collectively by the network...

[SECURITY] Fedora 38 Update: bitcoin-core-24.1-1.fc38

Bitcoin is a digital cryptographic currency that uses peer-to-peer technology to operate with no central authority or banks; managing transactions and the issuing of bitcoins is carried out collectively by the network...

Design/Logic Flaw

Vulnerability discovered is related to the peer-to-peer p2p communications, attackers can craft consensus messages, send it to individual nodes and take them offline. An attacker can crawl the network peers using getaddr message and attack the unpatched nodes...

FritzFrog: A New Generation of Peer-to-Peer Botnets

Guardicore has discovered FritzFrog, a sophisticated peer-to-peer P2P botnet that has been actively breaching SSH servers since January 2020...

Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers

A new Golang-based peer-to-peer P2P botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed Panchan by Akamai Security Research, the malware "utilizes its built-in concurrency features to maximize spreadability and execute malware...

Panchan’s Mining Rig: New Golang Peer-to-Peer Botnet Says “Hi!”

Akamai researchers have discovered a new P2P botnet targeting APJ. Read about it here...

IBM Sterling Connect Clickjacking Vulnerability

IBM Sterling Connect: Direct is a file-based peer-to-peer file transfer solution from IBM, U.S.A. A clickjacking vulnerability exists in IBM Sterling Connec versions 1.4.1.1 and 1.5.0.2, which stems from a program that does not adequately protect HTML iframes. A remote attacker could exploit The...

CVE-2021-29467

CVE-2021-29467 affects the Wrongthink encrypted peer‑to‑peer chat program. The vulnerability allows a user to check their fingerprint into the service and enter a script to run arbitrary JavaScript on the site, indicating a cross‑site scripting issue. The description notes no workarounds, and a p...

CVE-2021-21387

The CVE-2021-21387 entry concerns the Wrongthink peer-to-peer, end-to-end encrypted messenger (using PeerJS and Axolotl ratchet). The documented issues include partial disclosure of the secret identity key via the fingerprint used for connections, and an improperly calculated safety number (deriv...

Bitcoin Inventory Out-of-Memory Denial-of-Service Attack (CVE-2018-17145)

There was an easily exploitable uncontrolled memory resource consumption denial-of-service vulnerability that existed in the peer-to-peer network code of three implementations of Bitcoin and several alternative chains. For more details please see: https://invdos.net/ For the paper:...

Tinfoil Chat - Onion-routed, Endpoint Secure Messaging System

Tinfoil Chat TFC is a FOSS+FHD peer-to-peer messaging system that relies on high assurance hardware architecture to protect users from passive collection, MITM attacks and most importantly, remote key exfiltration. TFC is designed for people with one of the most complex threat models: organized...

Telegram Desktop 1.3.14 Information Disclosure Vulnerability - Windows

Telegram Desktop is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft Windows: Service: Peer Networking Identity Manager

The service SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.109266";...

Race condition

A vulnerability in the peer-to-peer message processing functionality of Cisco Packet Data Network Gateway could allow an unauthenticated, remote attacker to cause the Session Manager SESSMGR process on an affected device to restart, resulting in a denial of service DoS condition. The vulnerabilit...

Cisco Packet Data Network Gateway Peer-to-Peer Message Processing Denial of Service Vulnerability

A vulnerability in the peer-to-peer message processing functionality of Cisco Packet Data Network Gateway could allow an unauthenticated, remote attacker to cause the Session Manager SESSMGR process on an affected device to restart, resulting in a denial of service DoS condition. The vulnerabilit...