129 matches found
ALPINE-CVE-2022-38150
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1...
UBUNTU-CVE-2022-38150
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1...
CVE-2022-38150
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1...
CVE-2022-32969
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue...
Design/Logic Flaw
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue...
CVE-2022-32969
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue...
MetaMask 安全漏洞
MetaMask is a crypto wallet and gateway for blockchain applications in the MetaMask community. A security vulnerability exists in versions prior to MetaMask 10.11.3, which can be exploited by an attacker to access a user's secret recovery phrase...
PT-2022-3323 · Metamask +2 · Metamask +2
Name of the Vulnerable Software and Affected Versions: MetaMask versions prior to 10.11.3 Description: The issue is related to the storage of confidential information in unencrypted form, allowing an attacker to access a user's secret recovery phrase. This is due to the use of an input field for ...
Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users
A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims' funds. Said to be first discovered in March 2022, t...
Don’t enter your recovery phrase! Phishers target Ledger crypto-wallet users
Ledger is one of the biggest hardware cryptocurrency wallets around and scammers have noticed. Phishing mails are in circulation, hoping to snag Ledger users with a sneaky request for passphrases. What is a Ledger recovery phrase? A recovery phrase is an incredibly important combination of words...
Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams
Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks. The development was first reported by Bleeping Computer. The company, which was acquired by financial...
CVE-2021-25875
AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator...
PT-2021-16823 · Unknown · Avideo/Youphptube
Name of the Vulnerable Software and Affected Versions: AVideo/YouPHPTube versions 10.0 and prior Description: The issue allows a remote attacker to steal administrators' session cookies or perform actions as an administrator due to multiple reflected Cross Scripting vulnerabilities. This is...
Emerson WirelessHART Gateway 操作系统命令注入漏洞
The Emerson WirelessHART Gateway is a wireless gateway from Emerson USA. The Emerson WirelessHART Gateway suffers from an operating system command injection vulnerability that originates from incorrect validation of input in a password phrase. An attacker could exploit this vulnerability to pass...
SUSE Rancher K3s 安全漏洞
SUSE Rancher K3s is a CNCF sandboxing project from SUSE Germany that provides a lightweight but powerful certified Kubernetes distribution. A security vulnerability exists in SUSE Rancher K3s that allows any user with direct access to a datastore, or a copy of a datastore backup, to extract the...
The vulnerability of the parse_fix_phrase() function in the Exim message forwarding agent, related to writing beyond buffer boundaries in memory, allows a hacker to elevate their privileges in the system and execute arbitrary code.
The vulnerability of the parsefixfrase function in the Exim message forwarding agent is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an intruder with privileges in the system to execute arbitrary code...
DEBIAN-CVE-2020-28016
Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parsefixphrase...
CVE-2020-28016
Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parsefixphrase...
CVE-2020-28016
Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parsefixphrase...
Exim 缓冲区错误漏洞
Exim was developed at Cambridge University as a Message Transfer Agent MTA for Unix systems connected to the Internet. Exim suffers from a buffer overflow vulnerability. The vulnerability stems from a "-F" handling error in parsefixphrase. No details of the vulnerability are available at this tim...