3626 matches found
CVE-2022-35740
dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users. Some Java application frameworks, including those used ...
PT-2022-22958 · Dotcms · Dotcms
Name of the Vulnerable Software and Affected Versions: dotCMS versions prior to 22.06; dotCMS version 5.3.8.12; dotCMS version 21.06.9; dotCMS version 22.03.2. Description: The issue allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a U...
Jenkins Matrix Project Plugin Cross-Site Scripting (CVE-2022-20615)
A stored cross-site scripting vulnerability exists in Jenkins Matrix Project Plugin. This vulnerability is due to insufficient validation of node and label names, and label descriptions parameters...
Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2022:7184)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:7184-1 advisory. - Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators CVE-2022-39249 - Mozilla:...
GLSA-202210-35 : Mozilla Thunderbird: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202210-35 Mozilla Thunderbird: Multiple Vulnerabilities - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the...
SUSE SLED15: MozillaThunderbird / MozillaThunderbird-translations-common / etc (SUSE-SU-2022:3800-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3800-1 advisory. - Mozilla Thunderbird 102.4.0 (bsc#1204421) changed: Thunderbird will automatically detect and repa...
AlmaLinux 9 : thunderbird (ALSA-2022:7178)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:7178 advisory. - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or...
Oracle Linux 9 : thunderbird (ELSA-2022-7178)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-7178 advisory. 102.4.0-1 - Update to 102.4.0 build1 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
Oracle Linux 7 : thunderbird (ELSA-2022-7184)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-7184 advisory. - Fix for expat CVE-2022-40674 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...
AlmaLinux 8 : thunderbird (ALSA-2022:7190)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:7190 advisory. - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or...
GHSA-FC4H-XCF3-QJ5F matrix-sdk 0.6.0 logs access tokens
When sending Matrix requests using an affected version of matrix-sdk in an application that writes logs using tracing-subscriber in a way that includes fields of tracing spans (such as tracing-subscriber's default text output from the fmt module), these logs will contain the user's access token...
matrix-sdk 0.6.0 logs access tokens
When sending Matrix requests using an affected version of matrix-sdk in an application that writes logs using tracing-subscriber in a way that includes fields of tracing spans (such as tracing-subscriber's default text output from the fmt module), these logs will contain the user's access token...
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue
A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to a data corruption issue. An attacker could potentially cause data integrity issues by sending specially crafted messages...
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators
A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that...
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack
A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. An attacker could spoof historical messages from other users, and use a malicious key backup to the user's account unde...
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack
A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could interfere with cross-device verification to authenticate their own device...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue
A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to a data corruption issue. An attacker could potentially cause data integrity issues by sending specially crafted messages...
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack
A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could interfere with cross-device verification to authenticate their own device...
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators
A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that...