
3626 matches found

Cvelist
added 2022/11/10 12:0 a.m. · 33 views

CVE-2022-35740

dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users. Some Java application frameworks, including those used ...

6.4 AI score · 0.01192 EPSS
Exploits 1 · References 2

Positive Technologies
added 2022/11/10 12:0 a.m. · 24 views

PT-2022-22958 · Dotcms · Dotcms

Name of the Vulnerable Software and Affected Versions: dotCMS versions prior to 22.06; dotCMS version 5.3.8.12; dotCMS version 21.06.9; dotCMS version 22.03.2. Description: The issue allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a U...

6.1 CVSS · 6.2 AI score · 0.01192 EPSS
Exploits 1 · References 7

Check Point Advisories
added 2022/11/03 12:0 a.m. · 5 views

Jenkins Matrix Project Plugin Cross-Site Scripting (CVE-2022-20615)

A stored cross-site scripting vulnerability exists in Jenkins Matrix Project Plugin. This vulnerability is due to insufficient validation of node and label names, and label descriptions parameters...

3.5 CVSS · 2.4 AI score · 0.81842 EPSS
Exploits 0

Tenable Nessus
added 2022/11/01 12:0 a.m. · 26 views

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2022:7184)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:7184-1 advisory. - Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators CVE-2022-39249 - Mozilla:...

8.8 CVSS · 7.6 AI score · 0.00992 EPSS
Exploits 0 · References 9

Tenable Nessus
added 2022/10/31 12:0 a.m. · 28 views

GLSA-202210-35 : Mozilla Thunderbird: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202210-35 Mozilla Thunderbird: Multiple Vulnerabilities - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the...

8.8 CVSS · 7.7 AI score · 0.00992 EPSS
Exploits 0 · References 11

Tenable Nessus
added 2022/10/28 12:0 a.m. · 23 views

SUSE SLED15: MozillaThunderbird / MozillaThunderbird-translations-common / etc (SUSE-SU-2022:3800-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3800-1 advisory. - Mozilla Thunderbird 102.4.0 bsc1204421 changed: Thunderbird will automatically detect and repa...

8.8 CVSS · 6.6 AI score · 0.01342 EPSS
Exploits 0 · References 28

Tenable Nessus
added 2022/10/27 12:0 a.m. · 24 views

AlmaLinux 9 : thunderbird (ALSA-2022:7178)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:7178 advisory. - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or...

8.8 CVSS · 7.7 AI score · 0.00992 EPSS
Exploits 0 · References 9

Tenable Nessus
added 2022/10/26 12:0 a.m. · 33 views

Oracle Linux 9 : thunderbird (ELSA-2022-7178)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-7178 advisory. 102.4.0-1 - Update to 102.4.0 build1 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

8.8 CVSS · 7.4 AI score · 0.00992 EPSS
Exploits 0 · References 9

Tenable Nessus
added 2022/10/26 12:0 a.m. · 28 views

Oracle Linux 7 : thunderbird (ELSA-2022-7184)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-7184 advisory. - Fix for expat CVE-2022-40674 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...

8.8 CVSS · 7.4 AI score · 0.01659 EPSS
Exploits 0 · References 9

Tenable Nessus
added 2022/10/26 12:0 a.m. · 26 views

AlmaLinux 8 : thunderbird (ALSA-2022:7190)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:7190 advisory. - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or...

8.8 CVSS · 7.7 AI score · 0.00992 EPSS
Exploits 0 · References 9

OSV
added 2022/10/25 8:22 p.m. · 15 views

GHSA-FC4H-XCF3-QJ5F matrix-sdk 0.6.0 logs access tokens

When sending Matrix requests using an affected version of matrix-sdk in an application that writes logs using tracing-subscriber in a way that includes fields of tracing spans such as tracing-subscriber's default text output from the fmt module, these logs will contain the user's access token...

7.1 AI score
Exploits 0 · References 3

Github Security Blog
added 2022/10/25 8:22 p.m. · 19 views

matrix-sdk 0.6.0 logs access tokens

When sending Matrix requests using an affected version of matrix-sdk in an application that writes logs using tracing-subscriber in a way that includes fields of tracing spans such as tracing-subscriber's default text output from the fmt module, these logs will contain the user's access token...

4.3 AI score
Exploits 0 · References 3 · Affected Software 1

RedHat Linux
added 2022/10/25 3:27 p.m. · 3 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue

A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to a data corruption issue. An attacker could potentially cause data integrity issues by sending specially crafted messages...

5.3 CVSS · 7.3 AI score · 0.00992 EPSS
Exploits 0 · References 5

RedHat Linux
added 2022/10/25 3:27 p.m. · 4 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators

A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that...

7.5 CVSS · 7.3 AI score · 0.00938 EPSS
Exploits 0 · References 5

RedHat Linux
added 2022/10/25 3:27 p.m. · 5 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack

A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. An attacker could spoof historical messages from other users, and use a malicious key backup to the user's account unde...

8.6 CVSS · 7.3 AI score · 0.00865 EPSS
Exploits 0 · References 5

RedHat Linux
added 2022/10/25 3:27 p.m. · 5 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack

A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could interfere with cross-device verification to authenticate their own device...

8.6 CVSS · 7.3 AI score · 0.00928 EPSS
Exploits 0 · References 5

RedHat Linux
added 2022/10/25 3:27 p.m. · 37 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

8.8 CVSS · 6.7 AI score · 0.00992 EPSS
Exploits 0 · References 9

RedHat Linux
added 2022/10/25 2:53 p.m. · 3 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue

A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to a data corruption issue. An attacker could potentially cause data integrity issues by sending specially crafted messages...

5.3 CVSS · 7.3 AI score · 0.00992 EPSS
Exploits 0 · References 5

RedHat Linux
added 2022/10/25 2:53 p.m. · 4 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack

A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could interfere with cross-device verification to authenticate their own device...

8.6 CVSS · 7.3 AI score · 0.00928 EPSS
Exploits 0 · References 5

RedHat Linux
added 2022/10/25 2:53 p.m. · 4 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators

A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that...

7.5 CVSS · 7.3 AI score · 0.00938 EPSS
Exploits 0 · References 5