Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

Monero - HackerOne Reports

View on HackerOne

52

Total Reports

5

Critical

15

High

12

Medium

10

Low

Stack Overflow in JSON RPC Server

Reported by: talko | Disclosed:

Weakness: Stack Overflow

low-level p2p ping + tcp flooding leads to a remote crash in monerod

Reported by: padillac | Disclosed:

Critical

Monero GUI not linked with /DYNAMICBASE or hardening on windows, no ASLR

Reported by: flxflndy_ | Disclosed:

Potential use-after-free due to struct array_entry_t lacking an explicit copy constructor

Reported by: guido | Disclosed:

Low

Weakness: Use After Free

A peer can remotely fill the pending block queue to an extremely high size, with blocks that will never leave the queue.

Reported by: boog900 | Disclosed:

Spamming highly nested JSON RPC requests cause node to disconnect from p2p network

Reported by: asurar0 | Disclosed:

Weakness: Uncontrolled Resource Consumption

Buffer out of bound read in miniupnpc xml parser

Reported by: yukichen | Disclosed:

Low

Weakness: Buffer Over-read

Reentrancy attack in eth-monero atomic swap

Reported by: farinavito123 | Disclosed:

Weakness: Improper Access Control - Generic

Hardware Wallets Do Not Check Unlock TIme

Reported by: thecharlatan | Disclosed:

Medium

Weakness: Man-in-the-Middle

[Monero wallet RPC] File precreation to file ownership and credentials leak

Reported by: selmelc | Disclosed:

Weakness: Improper Access Control - Generic

Remote memory exhaustion in Epee RPC stack under zero Receive Window

Reported by: sagewilder2022 | Disclosed:

High

Weakness: Uncontrolled Resource Consumption

Monero Website & Kovri on your policy are returning 404 not found.

Reported by: r3y | Disclosed:

Weakness: Business Logic Errors

TabNabbing issue (due to taget=_blank)

Reported by: ursa | Disclosed:

DoS for remote nodes using Slow Loris attack

Reported by: sobhraj_charles | Disclosed:

Medium

Weakness: Uncontrolled Resource Consumption

monerod JSON RPC server remote DoS

Reported by: m31007 | Disclosed:

Medium

Weakness: Uncontrolled Resource Consumption

epee will accept an arbitrary amount of leading line-breaks in an http request

Reported by: ahook | Disclosed:

Low

Weakness: Uncontrolled Resource Consumption

Malicious get_random_rct_outs.bin rpc can cause a near-infinite loop

Reported by: ahook | Disclosed:

High

Weakness: Uncontrolled Resource Consumption

Excessive Resource Usage

Reported by: talko | Disclosed:

Weakness: Uncontrolled Resource Consumption

A bug in the Monero wallet balance can enable theft from exchanges

Reported by: jagerman | Disclosed:

Critical

Weakness: Business Logic Errors

Zero-amount miner TX + RingCT allows monero wallet to receive arbitrary amount of monero

Reported by: cutcoin | Disclosed:

Critical

Weakness: Resource Injection

Page 1 of 3 Next