Monero - HackerOne Reports
Total Reports: 52
Critical: 5
High: 15
Medium: 12
Low: 10
Kovri: potential buffer over-read in garlic clove handling + I2NP message creation
Reported by:
aerodudrizzt
|
Disclosed:
High
Weakness: Information Disclosure
Unauthorized access of Monero wallet by an unprivileged process
Reported by:
thanhb
|
Disclosed:
High
Weakness: Improper Access Control - Generic
Trusted daemon check fails when proxied through torsocks or proxychains
Reported by:
equim
|
Disclosed:
Low
Weakness: Privacy Violation
Array Index Underflow--http rpc
Reported by:
minerscan
|
Disclosed:
High
Weakness: Array Index Underflow
Computing hash of crafted block leads to crash in tree_hash()
Reported by:
guido
|
Disclosed:
High
Weakness: Uncontrolled Resource Consumption
Out-of-bounds read when importing corrupt blockchain with monero-blockchain-import
Reported by:
sybr
|
Disclosed:
Low
Weakness: Out-of-bounds Read
Monero wallet password change is confirmed when not matching
Reported by:
consistent-dream
|
Disclosed:
Low
Weakness: Unverified Password Change
Monero Wallet Gui for Windows (Arbitrary Code Execution)
Reported by:
l00ph0le
|
Disclosed:
High
Weakness: Code Injection
Attacker can trick monero wallet into reporting it received twice as much with alternative tx_keypubs
Reported by:
phiren
|
Disclosed:
High
Weakness: Business Logic Errors
remote access to localhost daemon, can issue jsonrpc commands
Reported by:
bugbound
|
Disclosed:
Low
Weakness: Cross-Site Request Forgery (CSRF)
Misconfiguration in build environment allows DLL preloading attack
Reported by:
nim4
|
Disclosed:
Low
Remote P2P DoS
Reported by:
padillac
|
Disclosed:
Critical
Remote Daemon RPC Attack
Reported by:
padillac
|
Disclosed:
Medium
Exploiting Network and Timing Side-Channels to Break Monero Receiver Anonymity
Reported by:
ftramer
|
Disclosed:
Medium
RPC call crashes node
Reported by:
xfang
|
Disclosed:
High
Weakness: Uncontrolled Resource Consumption
forum.getmonero.org Shell upload
Reported by:
kaulse
|
Disclosed:
High
Weakness: Code Injection
Corrupt RPC responses from remote daemon nodes can lead to transaction tracing
Reported by:
monero-hax123
|
Disclosed:
Medium
Weakness: Privacy Violation
Locked_Transfer functional burning
Reported by:
keejef
|
Disclosed:
High
Dynamic fee algorithm doesn't check for zero fee
Reported by:
sech1
|
Disclosed:
Low
Weakness: Uncontrolled Resource Consumption
CryptoNote: remote node DoS
Reported by:
anonimal
|
Disclosed:
High
Weakness: Uncontrolled Resource Consumption