149 matches found
CVE-2022-29180 Charm vulnerable to server-side request forgery (SSRF)
A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...
CVE-2022-29180
CVE-2022-29180 affects charmbracelet/charm via Server-Side Request Forgery (SSRF). Attackers could forge HTTP requests to manipulate the charm data directory and access or delete server contents. The issue is patched in release v0.12.1; users running self-hosted Charm should upgrade. Affected com...
CVE-2022-29180 Charm vulnerable to server-side request forgery (SSRF)
A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...
CVE-2022-29180 Charm vulnerable to server-side request forgery (SSRF)
A vulnerability in which attackers could forge HTTP requests to manipulate the charm data directory to access or delete anything on the server. This has been patched and is available in release v0.12.1. We recommend that all users running self-hosted charm instances update immediately. This...
Charm 代码问题漏洞
Charm is Charm's set of tools for quickly building CLI programs. A code issue vulnerability exists in Charm. An attacker could exploit this vulnerability to spoof HTTP requests to manipulate the Charm data directory to access or delete any file on the server...
PT-2022-19434 · Charm · Charm
Name of the Vulnerable Software and Affected Versions: charm versions prior to 0.12.1 Description: A vulnerability allows attackers to forge HTTP requests to manipulate the charm data directory, potentially accessing or deleting anything on the server. Encrypted user data uploaded to the Charm...
USN-5400-3 mysql-8.0 regression
USN-5400-1 fixed vulnerabilities in MySQL. The fix breaks existing charm configurations. This updated fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix the...
Possible price manipulation while adding liquidity to uniV3
Handle 0x421f Vulnerability details Right now if we see the code there are no checks before liq being added to check if pool is manipulated. Hence there rises possibility of sandwich attack vector here, more so with concentrated liq imo Could be done with flash loan or with own tokens Attack woul...
CVE-2021-37588
In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data...
CVE-2021-37587
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...
CVE-2021-37587
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...
CVE-2021-37588
In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data...
Design/Logic Flaw
In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data...
CVE-2021-37587
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...
Design/Logic Flaw
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...
Charm 加密问题漏洞
Charm is Charm is a framework for rapidly prototyping advanced cryptosystems. A cryptographic issue vulnerability exists in Charm version 0.43. Using this vulnerability any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...
Charm 加密问题漏洞
Charm is Charm is a framework for rapidly prototyping advanced cryptosystems. Charm version 0.43 is vulnerable to a cryptographic issue. Exploiting this vulnerability source any two users can conspire to gain the ability to decrypt YCT14 data...
CVE-2021-37587
Charm 0.43 contains a cryptographic weakness where any single user can decrypt DAC-MACS or MA-ABE-YJ14 data. The vulnerability is documented across multiple sources (NVD, OSV, CNVD/CNNVD and CVE listings). Exploitation status is not detailed in the provided fragments; no patch/version remediation...
CVE-2021-37587
In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...
CVE-2021-37588
In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data...