13 matches found
CVE-2026-34068
nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. this skips the proof-of-knowledge requirement that is...
CVE-2026-34068
nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. this skips the proof-of-knowledge requirement that is...
CVE-2026-34068
nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. this skips the proof-of-knowledge requirement that is...
CVE-2026-34068 nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge
nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. this skips the proof-of-knowledge requirement that is...
EUVD-2026-25086
nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. this skips the proof-of-knowledge requirement that is...
CVE-2026-34068
Summary (CVE-2026-34068) Nimiq-transaction’s staking contract (Rust) prior to v1.3.0 accepts UpdateValidator transactions that set new_voting_key=Some(...) without including new_proof_of_knowledge, bypassing the PoK requirement used to prevent BLS rogue-key attacks in aggregated signatures. Since...
CVE-2026-34068 nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge
nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. this skips the proof-of-knowledge requirement that is...
GHSA-PF4J-PF3W-95F9 nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge
Impact The staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. this skips the proof-of-knowledge requirement that is needed to prevent BLS rogue-key attacks when public keys are aggregated. Because tendermint macro block...
nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge
Impact The staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. this skips the proof-of-knowledge requirement that is needed to prevent BLS rogue-key attacks when public keys are aggregated. Because tendermint macro block...
PT-2026-34555
Impact The staking contract accepts UpdateValidator transactions that set new voting key=Some... while omitting new proof of knowledge. this skips the proof-of-knowledge requirement that is needed to prevent BLS rogue-key attacks when public keys are aggregated. Because tendermint macro block...
Nimiq 数据伪造问题漏洞
Nimiq is an open-source implementation of the Albatross protocol in Rust. Prior to Nimiq 1.3.0, there was a vulnerability related to data manipulation. This vulnerability stemmed from the UpdateValidator transaction in the nimiq-transaction where the was set with newvotingkey=Some…, but the...
Amazon S3 Encryption Client for Java has a Key Commitment Issue
Summary S3 Encryption Client for Java is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key EDK is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible Salamander...
GHSA-4V42-65R3-3GJX Amazon S3 Encryption Client for .NET has a Key Commitment Issue
Summary S3 Encryption Client for .NET S3EC is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key EDK is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible...