Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-5232: Merge pull request from GHSA-8f9f-pc5v-9r5h · ensdomains/ens@36e10e7

A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry.

CVE
#vulnerability#sap

@@ -14,13 +14,19 @@ interface ENS {

// Logged when the TTL of a node changes

event NewTTL(bytes32 indexed node, uint64 ttl);

// Logged when an operator is added or removed.

event ApprovalForAll(address indexed owner, address indexed operator, bool approved);

function setSubnodeOwner(bytes32 node, bytes32 label, address owner) external;

function setRecord(bytes32 node, address owner, address resolver, uint64 ttl) external;

function setSubnodeRecord(bytes32 node, bytes32 label, address owner, address resolver, uint64 ttl) external;

This comment has been minimized.

Sign in to view

Copy link

****3esmit** Jan 30, 2020**

Why this one don’t returns bytes32? If you changed the other, it should also be here.

function setSubnodeOwner(bytes32 node, bytes32 label, address owner) external returns(bytes32);

function setResolver(bytes32 node, address resolver) external;

function setOwner(bytes32 node, address owner) external;

function setTTL(bytes32 node, uint64 ttl) external;

function setApprovalForAll(address operator, bool approved) external;

function owner(bytes32 node) external view returns (address);

function resolver(bytes32 node) external view returns (address);

function ttl(bytes32 node) external view returns (uint64);

function recordExists(bytes32 node) external view returns (bool);

function isApprovedForAll(address owner, address operator) external view returns (bool);

}

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907