20 matches found
CVE-2024-38359 Lightning Network Daemon Onion Bomb
The Lightning Network Daemon (lnd) is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic led to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a version >= v0.17.0 to be...
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
Impact: A parsing vulnerability in lnd's onion processing logic led to a DoS vector due to excessive memory allocation. Patches: The issue was patched in lnd v0.17.0. Users should update to a version >= v0.17.0 to be protected. References: Detailed blog post:...
CVE-2023-28631
CVE-2023-28631 affects the comrak Markdown parser/renderer (Rust). The issue arises when an AST is constructed manually and later formatted to HTML; the formatter assumes data is valid UTF-8, but some [u8] fields may not be, triggering bugs. Affected version is 0.17.0; remediation per sources is ...
Raneto v0.17.0 employs weak password complexity requirements
Raneto v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. Version 0.17.1 contains security mitigations for this and other vulnerabilities...
Raneto Denial of Service via crafted payload injected into `Search` parameter
An issue in Raneto v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter...
CVE-2022-35144
Raneto v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability...
CVE-2022-35143
Raneto v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks...
CVE-2022-35143
Raneto v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks...
CVE-2022-35144
Raneto v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability...
CVE-2022-35142
An issue in Raneto v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter...
CVE-2022-35142
An issue in Raneto v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter...
Cross site scripting
Raneto v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability...
Design/Logic Flaw
An issue in Raneto v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter...
CVE-2022-35142
An issue in Raneto v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter...
CVE-2022-35143
Raneto v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks...
CVE-2022-35143
Concrete details found: Raneto v0.17.0 is affected by weak password complexity requirements that enable brute-force password cracking. Red Hat CVE entries corroborate the issue for Raneto v0.17.0. The scope includes the core software and its auth flow; impact is high confidentiality, integrity, a...
CVE-2022-35144
Incident summary: Raneto v0.17.0 contains a cross-site scripting (XSS) vulnerability (CVE-2022-35144). Red Hat and related feeds corroborate XSS details for Raneto v0.17.0, with the issue described as an XSS flaw in the application. The provided sources do not specify the vulnerable component, ex...
CVE-2022-35144
Raneto v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability...
CVE-2022-21158
CVE-2022-21158 is a stored XSS flaw in MarkText, affecting versions prior to 0.17.0. The issue stems from improper handling of links using the javascript: scheme inside documents, enabling an attacker to execute arbitrary scripts on a user’s PC. The vulnerability is addressed by updating to v0.17...
CVE-2022-21158
A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link with javascript: scheme inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext...