VYPR

Vendor CVEs

Ethereum

All CVEs

42 total · sorted by risk
  • CVE-2025-24883HigJan 30, 2025
    risk 0.50cvss epss 0.01

    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13.

  • CVE-2018-13676HigJul 9, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for Orderbook Presale Token (OBP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-13641HigJul 9, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for MVGcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-13636HigJul 9, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for TurdCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-13628HigJul 9, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for MomentumToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-13600HigJul 9, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for AMToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-13596HigJul 9, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for TESTAhihi, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-13581HigJul 9, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-13557HigJul 9, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for Trabet_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-13462HigJul 9, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for MoonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-13209HigJul 5, 2018
    risk 0.49cvss 7.5epss 0.01

    The sell function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

  • CVE-2018-13203HigJul 5, 2018
    risk 0.49cvss 7.5epss 0.01

    The sellBuyerTokens function of a smart contract implementation for SwapToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

  • CVE-2018-13199HigJul 5, 2018
    risk 0.49cvss 7.5epss 0.01

    The sell function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

  • CVE-2018-13191HigJul 5, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for Super Carbon Coin (SCC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-13180HigJul 5, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for IMM Coin (IMC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-13157HigJul 5, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-13156HigJul 5, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for bonusToken (BNS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-13131HigJul 4, 2018
    risk 0.49cvss 7.5epss 0.01

    SpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.

  • CVE-2018-13073HigJul 3, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

  • CVE-2018-12079HigJun 25, 2018
    risk 0.49cvss 7.5epss 0.01

    The mintToken function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue.

  • CVE-2024-32972HigMay 6, 2024
    risk 0.42cvss 7.5epss 0.01

    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to 1.13.15, a vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix has been included in…

  • CVE-2026-40072HigApr 9, 2026
    risk 0.40cvss 7.2epss 0.00

    web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup (EIP-3668) by performing HTTP requests to URLs supplied by smart contracts in offchain_lookup_payload["urls"]. The…

  • CVE-2026-26315Feb 19, 2026
    risk 0.00cvss epss 0.00

    go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0…

  • CVE-2026-26314Feb 19, 2026
    risk 0.00cvss epss 0.01

    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth.

  • CVE-2026-26313Feb 19, 2026
    risk 0.00cvss epss 0.01

    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release.

  • CVE-2026-22868Jan 13, 2026
    risk 0.00cvss epss 0.01

    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8.

  • CVE-2026-22862Jan 13, 2026
    risk 0.00cvss epss 0.01

    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8.

  • CVE-2023-36980Sep 11, 2023
    risk 0.00cvss epss 0.00

    An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 cause the balance to be zeroed out when the value of betsize+casino.balance exceeds the threshold.

  • CVE-2023-40591Sep 6, 2023
    risk 0.00cvss epss 0.01

    go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version…

  • CVE-2022-33069Jun 22, 2022
    risk 0.00cvss epss 0.01

    Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder::indexOrMemberAssignment() at SMTEncoder.cpp.

  • CVE-2022-29177May 20, 2022
    risk 0.00cvss epss 0.01

    Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17…

  • CVE-2021-41173Oct 26, 2021
    risk 0.00cvss epss 0.01

    Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known…

  • CVE-2021-42764Oct 20, 2021
    risk 0.00cvss epss 0.01

    The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (delayed consensus decisions), and also increase the profits of individual validators, via short-range reorganizations of the underlying consensus chain.

  • CVE-2021-39137Aug 24, 2021
    risk 0.00cvss epss 0.02

    go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be…

  • CVE-2020-36402Jul 1, 2021
    risk 0.00cvss epss 0.01

    Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLib2Interface::querySolver. NOTE: c39a5e2b7a3fabbf687f53a2823fc087be6c1a7e is cited in the OSV "fixed" field but does not have a code change.

  • CVE-2020-26800Jan 11, 2021
    risk 0.00cvss epss 0.01

    A stack overflow vulnerability in Aleth Ethereum C++ client version <= 1.8.0 using a specially crafted a config.json file may result in a denial of service.

  • CVE-2020-26264Dec 11, 2020
    risk 0.00cvss epss 0.02

    Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns…

  • CVE-2020-26265Dec 11, 2020
    risk 0.00cvss epss 0.01

    Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was included…

  • CVE-2020-26240Nov 25, 2020
    risk 0.00cvss epss 0.02

    Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the…

  • CVE-2020-26241Nov 25, 2020
    risk 0.00cvss epss 0.01

    Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy (at…

  • CVE-2020-26242Nov 25, 2020
    risk 0.00cvss epss 0.01

    Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.

  • CVE-2018-20421Dec 24, 2018
    risk 0.00cvss epss 0.01

    Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of service (memory consumption) by rewriting the length of a dynamic array in memory, and then writing data to a single memory location with a large index number, as demonstrated by use of "assembly { mstore }"…