Lucene search
K

129 matches found

OSV
OSV
added 2022/08/11 1:15 a.m.4 views

ALPINE-CVE-2022-38150

In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1...

7.5CVSS6.7AI score0.01147EPSS
Exploits0References1
OSV
OSV
added 2022/08/11 1:15 a.m.3 views

UBUNTU-CVE-2022-38150

In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1...

7.5CVSS5.8AI score0.01147EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/08/11 12:0 a.m.2 views

CVE-2022-38150

In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1...

7AI score0.01147EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/06/29 3:15 p.m.3 views

CVE-2022-32969

MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue...

5.9CVSS5.8AI score0.01448EPSS
Exploits0References4
Prion
Prion
added 2022/06/29 3:15 p.m.20 views

Design/Logic Flaw

MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue...

4.3CVSS5.7AI score0.01448EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/06/29 2:37 p.m.18 views

CVE-2022-32969

MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue...

5.9CVSS6.8AI score0.01448EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/29 12:0 a.m.3 views

MetaMask 安全漏洞

MetaMask is a crypto wallet and gateway for blockchain applications in the MetaMask community. A security vulnerability exists in versions prior to MetaMask 10.11.3, which can be exploited by an attacker to access a user's secret recovery phrase...

5.9CVSS6AI score0.01448EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/06/19 12:0 a.m.9 views

PT-2022-3323 · Metamask +2 · Metamask +2

Name of the Vulnerable Software and Affected Versions: MetaMask versions prior to 10.11.3 Description: The issue is related to the storage of confidential information in unencrypted form, allowing an attacker to access a user's secret recovery phrase. This is due to the use of an input field for ...

7.2CVSS5.5AI score0.01448EPSS
Exploits0References11
The Hacker News
The Hacker News
added 2022/06/13 1:50 p.m.43 views

Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users

A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims' funds. Said to be first discovered in March 2022, t...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/04/08 11:3 a.m.23 views

Don’t enter your recovery phrase! Phishers target Ledger crypto-wallet users

Ledger is one of the biggest hardware cryptocurrency wallets around and scammers have noticed. Phishing mails are in circulation, hoping to snag Ledger users with a sneaky request for passphrases. What is a Ledger recovery phrase? A recovery phrase is an incredibly important combination of words...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/04/05 9:28 a.m.50 views

Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams

Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks. The development was first reported by Bleeping Computer. The company, which was acquired by financial...

0.4AI score
Exploits0
OSV
OSV
added 2021/11/01 12:15 p.m.3 views

CVE-2021-25875

AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator...

6.1CVSS5.8AI score0.00834EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/11/01 12:0 a.m.4 views

PT-2021-16823 · Unknown · Avideo/Youphptube

Name of the Vulnerable Software and Affected Versions: AVideo/YouPHPTube versions 10.0 and prior Description: The issue allows a remote attacker to steal administrators' session cookies or perform actions as an administrator due to multiple reflected Cross Scripting vulnerabilities. This is...

6.1CVSS6.2AI score0.00834EPSS
Exploits1References6
CNNVD
CNNVD
added 2021/10/05 12:0 a.m.4 views

Emerson WirelessHART Gateway 操作系统命令注入漏洞

The Emerson WirelessHART Gateway is a wireless gateway from Emerson USA. The Emerson WirelessHART Gateway suffers from an operating system command injection vulnerability that originates from incorrect validation of input in a password phrase. An attacker could exploit this vulnerability to pass...

6AI score
Exploits0References3
CNNVD
CNNVD
added 2021/07/28 12:0 a.m.4 views

SUSE Rancher K3s 安全漏洞

SUSE Rancher K3s is a CNCF sandboxing project from SUSE Germany that provides a lightweight but powerful certified Kubernetes distribution. A security vulnerability exists in SUSE Rancher K3s that allows any user with direct access to a datastore, or a copy of a datastore backup, to extract the...

6.5CVSS6.5AI score0.00304EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/06/02 12:0 a.m.6 views

The vulnerability of the parse_fix_phrase() function in the Exim message forwarding agent, related to writing beyond buffer boundaries in memory, allows a hacker to elevate their privileges in the system and execute arbitrary code.

The vulnerability of the parsefixfrase function in the Exim message forwarding agent is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an intruder with privileges in the system to execute arbitrary code...

7.8CVSS7.9AI score0.00395EPSS
Exploits1References9Affected Software4
OSV
OSV
added 2021/05/06 1:15 p.m.2 views

DEBIAN-CVE-2020-28016

Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parsefixphrase...

7.8CVSS7.6AI score0.00395EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2021/05/06 3:51 a.m.68 views

CVE-2020-28016

Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parsefixphrase...

7.8CVSS7.8AI score0.00395EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/05/06 3:51 a.m.38 views

CVE-2020-28016

Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parsefixphrase...

8.7AI score0.00395EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/05/04 12:0 a.m.6 views

Exim 缓冲区错误漏洞

Exim was developed at Cambridge University as a Message Transfer Agent MTA for Unix systems connected to the Internet. Exim suffers from a buffer overflow vulnerability. The vulnerability stems from a "-F" handling error in parsefixphrase. No details of the vulnerability are available at this tim...

7.8CVSS6AI score0.00395EPSS
Exploits1References6
Rows per page
Query Builder