Lucene search
K

3662 matches found

OSV
OSV
added 2022/09/28 12:0 a.m.25 views

CVE-2022-39249 Matrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

7.5CVSS8.3AI score0.00938EPSS
Exploits0References8
OSV
OSV
added 2022/09/28 12:0 a.m.19 views

CVE-2022-39251 Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS8.3AI score0.00865EPSS
Exploits0References7
OSV
OSV
added 2022/09/28 12:0 a.m.20 views

CVE-2022-39236 Matrix Javascript SDK improper beacon events can cause availability issues

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...

4.3CVSS7AI score0.00992EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2022/09/28 12:0 a.m.34 views

Oracle Linux 8 : thunderbird (ELSA-2022-6708)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-6708 advisory. 102.3.0-3.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.3.0-3 - Update to 102.3.0 build1 Tenable has...

8.8CVSS7.4AI score0.01342EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2022/09/26 4:34 p.m.3 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Thunderbird users who use the Matrix chat protocol being vulnerable to a denial of service attack. An adversary sharing a room with a user could attack affected clients, making it not show all of a user's...

8.2CVSS7.3AI score0.00932EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/09/26 3:57 p.m.3 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Thunderbird users who use the Matrix chat protocol being vulnerable to a denial of service attack. An adversary sharing a room with a user could attack affected clients, making it not show all of a user's...

8.2CVSS7.3AI score0.00932EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/09/26 3:41 p.m.7 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Thunderbird users who use the Matrix chat protocol being vulnerable to a denial of service attack. An adversary sharing a room with a user could attack affected clients, making it not show all of a user's...

8.2CVSS7.3AI score0.00932EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/09/26 3:37 p.m.4 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Thunderbird users who use the Matrix chat protocol being vulnerable to a denial of service attack. An adversary sharing a room with a user could attack affected clients, making it not show all of a user's...

8.2CVSS7.3AI score0.00932EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/09/26 3:15 p.m.4 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Thunderbird users who use the Matrix chat protocol being vulnerable to a denial of service attack. An adversary sharing a room with a user could attack affected clients, making it not show all of a user's...

8.2CVSS7.3AI score0.00932EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/09/26 2:54 p.m.6 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Thunderbird users who use the Matrix chat protocol being vulnerable to a denial of service attack. An adversary sharing a room with a user could attack affected clients, making it not show all of a user's...

8.2CVSS7.3AI score0.00932EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2022/09/23 12:0 a.m.78 views

Matrix clients -- several vulnerabilities

Matrix developers report: Two critical severity vulnerabilities in end-to-end encryption were found in the SDKs which power Element, Beeper, Cinny, SchildiChat, Circuli, Synod.im and any other clients based on matrix-js-sdk, matrix-ios-sdk or matrix-android-sdk2...

8.6CVSS2.6AI score0.00992EPSS
Exploits0References1
OSV
OSV
added 2022/09/16 10:28 p.m.2 views

GHSA-9VQJ-64PV-W55C TensorFlow vulnerable to `CHECK` fail in `tf.linalg.matrix_rank`

Impact When tf.linalg.matrixrank receives an empty input a, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf a = tf.constant, shape=0, 1, 1, dtype=tf.float32 tf.linalg.matrixranka=a Patches We have patched the issue in GitHub...

5.9CVSS5.8AI score0.00405EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/09/16 9:35 p.m.10 views

CVE-2022-35988 `CHECK` fail in `tf.linalg.matrix_rank` in TensorFlow

TensorFlow is an open source platform for machine learning. When tf.linalg.matrixrank receives an empty input a, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix...

5.9CVSS7.3AI score0.00405EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/09/16 9:35 p.m.36 views

CVE-2022-35988 `CHECK` fail in `tf.linalg.matrix_rank` in TensorFlow

TensorFlow is an open source platform for machine learning. When tf.linalg.matrixrank receives an empty input a, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix...

5.9CVSS7.5AI score0.00405EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2022/09/16 9:35 p.m.4 views

CVE-2022-35988

TensorFlow is an open source platform for machine learning. When tf.linalg.matrixrank receives an empty input a, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix...

7.5CVSS6.7AI score0.00405EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2022/09/16 12:0 a.m.3 views

PT-2022-23086 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue occurs when the tf.linalg.matrix rank function receives an empty inpu...

7.5CVSS7.5AI score0.00405EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.3 views

Google TensorFlow 安全漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow, which stems from the GPU kernel failing to assert when tf.linalg.matrixrank receives a null input a, which can be used to trigger a denial-of-servic...

7.5CVSS7.6AI score0.00405EPSS
Exploits0References3
OSV
OSV
added 2022/09/15 3:26 a.m.23 views

GHSA-CQ7Q-5C67-W39W matrix-appservice-irc vulnerable to IRC mode parameter confusion

Impact IRC allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such modes incorrectly, potentially resulting in the wrong user being given permissions. Mode command...

4.3CVSS5.5AI score0.00681EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/09/15 3:26 a.m.40 views

matrix-appservice-irc vulnerable to IRC mode parameter confusion

Impact IRC allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such modes incorrectly, potentially resulting in the wrong user being given permissions. Mode command...

6.3CVSS6.4AI score0.00681EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/09/15 3:26 a.m.14 views

GHSA-XVQG-MV25-RWVW Parsing issue in matrix-org/node-irc leading to room takeovers

Impact Attackers can specify a specific string of characters, which would confuse the bridge into combining an attacker-owned channel and an existing channel, allowing them to grant themselves permissions in the channel. Patched The vulnerability has been patched in matrix-appservice-irc 0.35.0...

8.8CVSS8.6AI score0.00717EPSS
Exploits0References4
Rows per page
Query Builder