11 matches found
CVE-2021-41138
Frontier is Substrate's Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of...
EUVD-2021-2260
Malware in sbrugna...
MFA Spamming and Fatigue: When Security Measures Go Wrong
In today's digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard critical business resources, organizations are increasingly turning to multi-factor authentication (MFA) as a more robust security measure. MFA...
The vulnerability of Microsoft Exchange Server arises from the improper processing of user data, allowing attackers to carry out spamming attacks.
The vulnerability of Microsoft Exchange Server exists due to incorrect processing of user data. Exploiting this vulnerability allows a malicious actor to perform a spear-phishing attack remotely...
CVE-2022-39242
Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can constru...
CVE-2022-39242 Incorrect Calculation in Frontier leads to inflated Ethereum chain gas prices
Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can constru...
Alohi: Misconfigured rate limit at app.sign.plus/forgot_password
shamim12 found a weakness in our rate-limiting mechanism, allowing an attacker to bypass rate limits and spam the endpoint for requesting a password reset email. There was no effect on other API endpoints and no direct security implication, except email spamming attacks. The issue has been fixed...
GHSA-VJ62-G63V-F8MF Validity check missing in Frontier
Impact: In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of this to put invalid transactions into a block...
CVE-2021-41138 Validity check for signed Frontier-specific extrinsic not called in block execution
Frontier is Substrate's Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of...
The vulnerability of the Page Info component in the Google Chrome web browser allows attackers to perform spoofing attacks using a specially created request.
The vulnerability of the Page Info component in the Google Chrome web browser is related to the bypassing of authentication processes through spamming. Exploiting this vulnerability allows a malicious actor to carry out spamming attacks using a specially created request...
The vulnerability of Microsoft Bing Search for Android, related to incorrect processing of HTML pages’ content, allows attackers to perform spamming attacks.
The vulnerability of Microsoft Bing Search for Android relates to the improper processing of HTML pages’ content. Exploiting this vulnerability allows a remote attacker to perform spamming attacks...