3662 matches found
CVE-2022-39200 Signature checks not applied to some retrieved missing events
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...
Dendrite 数据伪造问题漏洞
Dendrite is a second-generation Matrix home server written in Go and open-sourced by the Matrix Foundation. Dendrite 0.9.7 and prior versions are vulnerable to a data forgery issue that stems from events retrieved from a remote master server using the "/getmissingevents" path without properly...
Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2022-249-02)
The version of mozilla-thunderbird installed on the remote host is prior to 102.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-249-02 advisory. - When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the...
CVE-2022-32277
Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific findin...
CVE-2022-32277
Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific findin...
Authorization
DISPUTED Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specif...
CVE-2022-32277
Affected product: Squiz Matrix CMS 6.20. Vulnerability: Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user’s contact details. Impact (as stated): Confidentiality: None; Integrity: Low; Availability: None. Root cause / ...
Squiz Matrix 安全漏洞
Squiz Matrix is a web CMS from Squiz, Inc. that helps digital marketers create and publish content while building websites without deep technical skills. A security vulnerability exists in Squiz Matrix CMS version 6.20, which stems from an insecure direct object reference vulnerability when it...
CVE-2022-32277
Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific findin...
PT-2022-21201 · Squiz · Squiz Matrix Cms
Name of the Vulnerable Software and Affected Versions: Squiz Matrix CMS version 6.20 Description: The issue is caused by a failure to correctly validate authorization when submitting a request to change a user's contact details, leading to an Insecure Direct Object Reference. This allows...
Prototype Pollution
matrix-js-sdk is vulnerable to Prototype Pollution. The vulnerability exists because the events sent with special strings in key places can temporarily disrupt or impede in the library, which leads to excluding or corrupting runtime data...
Prototype Pollution
matrix-react-sdk is vulnerable to Denial Of Service DoS. The vulnerability exists because the events sent with special strings in key places can temporarily disrupt or impede the EventTileFactory, which allows an attacker to cause a room or event tile crash...
CVE-2022-31152
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2022-31152 via matrix-synapse (>=0.33.9 <=1.153.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2022-31152 Source advisory: OSV:PYSEC-2022-262...
CVE-2022-31152
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...
CVE-2022-31152
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...
Authorization
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...
CVE-2022-31152
CVE-2022-31152 affects the Synapse Matrix homeserver. Up to version 1.61.0, some event authorization rules are not correctly applied, allowing crafted events to be accepted by Synapse but not by a spec-conformant server. This can cause divergence in room state between federation-enabled servers. ...
CVE-2022-31152 Synapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...
CVE-2022-31152 Synapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...