4 matches found
rbfasesores.com Cross Site Scripting vulnerability OBB-3178885
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Code injection
Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a P2P coinjoin. The attacker and victim must follow each other's paynym. Then, the victim must try to collaborate with the attacker for a Stonewallx2 transaction. Next, the attacker broadcasts a tx, spending the inputs used in...
CVE-2020-12119
Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee (RBF). It increases the user's balance with the value of an unconfirmed transaction as soon as it is received, before the transaction is confirmed, and does not decrease the balance when it is canceled. As a result, users are exposed t...
CVE-2020-12119
Ledger Live before version 2.7.0 is affected by an RBF handling flaw: unconfirmed Bitcoin transactions are credited to the user’s balance upon receipt and not deducted if canceled, enabling basic and amplified double-spending and potential DoS attacks without user consent. The vulnerability is do...