Lucene search
+L

149 matches found

Cvelist
Cvelist
added 2022/05/07 3:40 a.m.47 views

CVE-2022-29180 Charm vulnerable to server-side request forgery (SSRF)

A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...

5.9CVSS9.6AI score0.00745EPSS
Exploits0References2
CVE
CVE
added 2022/05/07 3:40 a.m.77 views

CVE-2022-29180

CVE-2022-29180 affects charmbracelet/charm via Server-Side Request Forgery (SSRF). Attackers could forge HTTP requests to manipulate the charm data directory and access or delete server contents. The issue is patched in release v0.12.1; users running self-hosted Charm should upgrade. Affected com...

9.8CVSS7.5AI score0.00745EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/05/07 3:40 a.m.5 views

CVE-2022-29180 Charm vulnerable to server-side request forgery (SSRF)

A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...

5.9CVSS9.4AI score0.00745EPSS
Exploits0References2
OSV
OSV
added 2022/05/07 3:40 a.m.37 views

CVE-2022-29180 Charm vulnerable to server-side request forgery (SSRF)

A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...

5.9CVSS9AI score0.00745EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/07 12:0 a.m.5 views

Charm 代码问题漏洞

Charm is Charm's set of tools for quickly building CLI programs. A code issue vulnerability exists in Charm. An attacker could exploit this vulnerability to spoof HTTP requests to manipulate the Charm data directory to access or delete any file on the server...

9.8CVSS8.5AI score0.00745EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/05/07 12:0 a.m.8 views

PT-2022-19434 · Charm · Charm

Name of the Vulnerable Software and Affected Versions: charm versions prior to 0.12.1 Description: A vulnerability allows attackers to forge HTTP requests to manipulate the charm data directory, potentially accessing or deleting anything on the server. Encrypted user data uploaded to the Charm...

9.8CVSS6.9AI score0.00745EPSS
Exploits0References9
OSV
OSV
added 2022/05/05 10:11 a.m.3 views

USN-5400-3 mysql-8.0 regression

USN-5400-1 fixed vulnerabilities in MySQL. The fix breaks existing charm configurations. This updated fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix the...

5.8AI score
Exploits0References2
Code423n4
Code423n4
added 2021/12/08 12:0 a.m.13 views

Possible price manipulation while adding liquidity to uniV3

Handle 0x421f Vulnerability details Right now if we see the code there are no checks before liq being added to check if pool is manipulated. Hence there rises possibility of sandwich attack vector here, more so with concentrated liq imo Could be done with flash loan or with own tokens Attack woul...

7AI score
Exploits0
NVD
NVD
added 2021/07/30 2:15 p.m.33 views

CVE-2021-37588

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data...

5.9CVSS0.00908EPSS
Exploits0References4
NVD
NVD
added 2021/07/30 2:15 p.m.26 views

CVE-2021-37587

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...

6.5CVSS0.00819EPSS
Exploits0References5
OSV
OSV
added 2021/07/30 2:15 p.m.23 views

CVE-2021-37587

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...

6.5CVSS6.9AI score
Exploits0References5
OSV
OSV
added 2021/07/30 2:15 p.m.17 views

CVE-2021-37588

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data...

5.9CVSS6.8AI score
Exploits0References4
Prion
Prion
added 2021/07/30 2:15 p.m.21 views

Design/Logic Flaw

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data...

4.3CVSS5.7AI score0.00908EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/07/30 2:15 p.m.2 views

CVE-2021-37587

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...

6.5CVSS6.6AI score0.00819EPSS
Exploits0References6
Prion
Prion
added 2021/07/30 2:15 p.m.18 views

Design/Logic Flaw

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...

4CVSS6.5AI score0.00819EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2021/07/29 12:0 a.m.5 views

Charm 加密问题漏洞

Charm is Charm is a framework for rapidly prototyping advanced cryptosystems. A cryptographic issue vulnerability exists in Charm version 0.43. Using this vulnerability any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...

6.5CVSS6.5AI score0.00819EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/07/29 12:0 a.m.5 views

Charm 加密问题漏洞

Charm is Charm is a framework for rapidly prototyping advanced cryptosystems. Charm version 0.43 is vulnerable to a cryptographic issue. Exploiting this vulnerability source any two users can conspire to gain the ability to decrypt YCT14 data...

5.9CVSS6AI score0.00908EPSS
Exploits0References5
CVE
CVE
added 2021/07/27 10:6 p.m.56 views

CVE-2021-37587

Charm 0.43 contains a cryptographic weakness where any single user can decrypt DAC-MACS or MA-ABE-YJ14 data. The vulnerability is documented across multiple sources (NVD, OSV, CNVD/CNNVD and CVE listings). Exploitation status is not detailed in the provided fragments; no patch/version remediation...

6.5CVSS6.5AI score0.00819EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2021/07/27 10:6 p.m.26 views

CVE-2021-37587

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...

6.7AI score0.00819EPSS
Exploits0References5
Cvelist
Cvelist
added 2021/07/27 10:6 p.m.33 views

CVE-2021-37588

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data...

5.9AI score0.00908EPSS
Exploits0References4
Rows per page
Query Builder