
3662 matches found

OSV
added 2022/09/12 8:10 p.m. · 23 views

CVE-2022-39200 Signature checks not applied to some retrieved missing events

Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...

CVSS 7.3 · AI score 6.1 · EPSS 0.003
Exploits: 0 · References: 4

CNNVD
added 2022/09/12 12:0 a.m. · 3 views

Dendrite data forgery vulnerability

Dendrite is a second-generation Matrix home server written in Go and open-sourced by the Matrix Foundation. Dendrite 0.9.7 and prior versions are vulnerable to a data forgery issue that stems from events retrieved from a remote master server using the "/getmissingevents" path without properly...

CVSS 7.3 · AI score 6.5 · EPSS 0.003
Exploits: 0 · References: 3

Tenable Nessus
added 2022/09/07 12:0 a.m. · 39 views

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2022-249-02)

The version of mozilla-thunderbird installed on the remote host is prior to 102.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-249-02 advisory. - When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the...

CVSS 8.2 · AI score 7.4 · EPSS 0.00932
Exploits: 0 · References: 4

ATTACKERKB
added 2022/09/06 8:15 p.m. · 4 views

CVE-2022-32277

Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific findin...

CVSS 5.3 · AI score 5.4 · EPSS 0.00435
Exploits: 0 · References: 3

OSV
added 2022/09/06 8:15 p.m. · 2 views

CVE-2022-32277

Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific findin...

CVSS 5.3 · AI score 5.8 · EPSS 0.00435
Exploits: 0 · References: 2

Prion
added 2022/09/06 8:15 p.m. · 17 views

Authorization

DISPUTED Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specif...

CVSS 5 · AI score 5.3 · EPSS 0.00435
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2022/09/06 12:0 a.m. · 62 views

CVE-2022-32277

Affected product: Squiz Matrix CMS 6.20. Vulnerability: Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user’s contact details. Impact (as stated): Confidentiality: None; Integrity: Low; Availability: None. Root cause / ...

CVSS 5.3 · AI score 5.3 · EPSS 0.00435
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2022/09/06 12:0 a.m. · 4 views

Squiz Matrix security vulnerability

Squiz Matrix is a web CMS from Squiz, Inc. that helps digital marketers create and publish content while building websites without deep technical skills. A security vulnerability exists in Squiz Matrix CMS version 6.20, which stems from an insecure direct object reference vulnerability when it...

CVSS 5.3 · AI score 5.8 · EPSS 0.00435
Exploits: 0 · References: 3

Cvelist
added 2022/09/06 12:0 a.m. · 23 views

CVE-2022-32277

Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific findin...

AI score 5.6 · EPSS 0.00435
Exploits: 0 · References: 2

Positive Technologies
added 2022/09/06 12:0 a.m. · 5 views

PT-2022-21201 · Squiz · Squiz Matrix Cms

Name of the Vulnerable Software and Affected Versions: Squiz Matrix CMS version 6.20 Description: The issue is caused by a failure to correctly validate authorization when submitting a request to change a user's contact details, leading to an Insecure Direct Object Reference. This allows...

CVSS 5.3 · AI score 7.1 · EPSS 0.00435
Exploits: 0 · References: 7

Veracode
added 2022/09/03 12:56 p.m. · 24 views

Prototype Pollution

matrix-js-sdk is vulnerable to Prototype Pollution. The vulnerability exists because the events sent with special strings in key places can temporarily disrupt or impede in the library, which leads to excluding or corrupting runtime data...

CVSS 8.2 · AI score 6.7 · EPSS 0.00932
Exploits: 0 · References: 5 · Affected Software: 5

Veracode
added 2022/09/03 12:36 p.m. · 29 views

Prototype Pollution

matrix-react-sdk is vulnerable to Denial of Service (DoS). The vulnerability exists because the events sent with special strings in key places can temporarily disrupt or impede the EventTileFactory, which allows an attacker to cause a room or event tile crash...

CVSS 8.2 · AI score 5.7 · EPSS 0.00906
Exploits: 0 · References: 4 · Affected Software: 2

NVD
added 2022/09/02 8:15 p.m. · 24 views

CVE-2022-31152

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...

CVSS 7.5 · EPSS 0.00904
Exploits: 0 · References: 4

vulnersOsv
added 2022/09/02 8:15 p.m. · 4 views

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2022-31152 via matrix-synapse (>=0.33.9 <=1.153.0)

matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2022-31152 Source advisory: OSV:PYSEC-2022-262...

CVSS 7.5 · AI score 7.2 · EPSS 0.00904
Exploits: 0

AlpineLinux
added 2022/09/02 8:15 p.m. · 30 views

CVE-2022-31152

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...

CVSS 7.5 · AI score 2.9 · EPSS 0.00904
Exploits: 0

UbuntuCve
added 2022/09/02 8:15 p.m. · 26 views

CVE-2022-31152

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...

CVSS 7.5 · AI score 7 · EPSS 0.00904
Exploits: 0 · References: 5

Prion
added 2022/09/02 8:15 p.m. · 17 views

Authorization

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...

CVSS 5 · AI score 7.3 · EPSS 0.00904
Exploits: 0 · References: 4 · Affected Software: 1

CVE
added 2022/09/02 8:0 p.m. · 110 views

CVE-2022-31152

CVE-2022-31152 affects the Synapse Matrix homeserver. Up to version 1.61.0, some event authorization rules are not correctly applied, allowing crafted events to be accepted by Synapse but not by a spec-conformant server. This can cause divergence in room state between federation-enabled servers. ...

CVSS 7.5 · AI score 6.7 · EPSS 0.00904
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2022/09/02 8:0 p.m. · 27 views

CVE-2022-31152 Synapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...

CVSS 6.4 · AI score 7.7 · EPSS 0.00904
Exploits: 0 · References: 4

OSV
added 2022/09/02 8:0 p.m. · 25 views

CVE-2022-31152 Synapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...

CVSS 6.4 · AI score 7.4 · EPSS 0.00904
Exploits: 0 · References: 6