Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ethereum ethereum - vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2021-42764
The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (delayed consensus decisions), and also increase the profits of individual validators, via short-range reorganizations of the underlying consensus chain.
Proof-of-stake Ethereum Project Proof-of-stake Ethereum
9.1
CVSSv3
CVE-2021-42766
The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (long-range consensus chain reorganizations), even when this adversary has little stake and cannot influence network message propagation. This can cause a prot...
Proof-of-stake Ethereum Project Proof-of-stake Ethereum
5.5
CVSSv3
CVE-2020-26800
A stack overflow vulnerability in Aleth Ethereum C++ client version <= 1.8.0 using a specially crafted a config.json file may result in a denial of service.
Ethereum Aleth
8.1
CVSSv3
CVE-2017-12116
An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker...
Ethereum Aleth -
7.5
CVSSv3
CVE-2022-1930
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method
Ethereum Eth-account
9.8
CVSSv3
CVE-2018-15890
An issue exists in EthereumJ 1.8.2. There is Unsafe Deserialization in ois.readObject in mine/Ethash.java and decoder.readObject in crypto/ECKey.java. When a node syncs and mines a new block, arbitrary OS commands can be run on the server.
Ethereum Ethereumj 1.8.2
8.7
CVSSv3
CVE-2020-5232
A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry.
Ens.domains Ethereum Name Service
1 Github repository
8.8
CVSSv3
CVE-2018-18920
Py-EVM v0.2.0-alpha.33 allows malicious users to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is r...
Ethereum Py-evm 0.2.0
6.5
CVSSv3
CVE-2023-38698
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or re...
Ens.domains Ethereum Name Service
7.5
CVSSv3
CVE-2018-10468
The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows malicious users to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrec...
Uetoken Useless Ethereum Token -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »