3662 matches found

CNNVD
added 2022/09/02 12:0 a.m. | 5 views

Matrix Synapse Security Vulnerability

Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. A security vulnerability exists in Matrix Synapse version 1.61.0 and earlier, which stems from some of these rules not being applied correctly when determining whether events should be accepted into ...

CVSS 7.5 | AI score 7.3 | EPSS 0.00904
Exploits 0 | References 5

BDU FSTEC
added 2022/09/02 12:0 a.m. | 6 views

The vulnerability in the implementation of the Matrix protocol for Thunderbird email clients allows a perpetrator to carry out a DoS attack.

The vulnerability of the Thunderbird email client’s Matrix protocol is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute a DoS attack...

CVSS 7.8 | AI score 6.8 | EPSS 0.00932
Exploits 0 | References 7 | Affected Software 4

Tenable Nessus
added 2022/09/02 12:0 a.m. | 32 views

Fedora 36 : thunderbird (2022-8bf22a684b)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-8bf22a684b advisory. Update to 102.2.1 ; https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/ Tenable has extracted the preceding description block directly from the...

AI score 5.6
Exploits 0 | References 1

RedhatCVE
added 2022/09/01 9:54 a.m. | 48 views

CVE-2022-36059

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Thunderbird users who use the Matrix chat protocol being vulnerable to a denial of service attack. An adversary sharing a room with a user could attack affected clients, making it not show all of a user's...

CVSS 6.1 | AI score 4.5 | EPSS 0.00932
Exploits 0 | References 4

CNNVD
added 2022/09/01 12:0 a.m. | 1 view

matrix-js-sdk Security Vulnerability

matrix-js-sdk is an application component of matrix open source. A security vulnerability exists in matrix-js-sdk versions prior to 19.4.0, which stems from an event sent using a special string in a critical location may temporarily interrupt or prevent matrix-js-sdk from functioning properly...

CVSS 8.2 | AI score 7.3 | EPSS 0.00932
Exploits 0 | References 10

UbuntuCve
added 2022/09/01 12:0 a.m. | 38 views

CVE-2022-36059

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...

CVSS 8.2 | AI score 6.6 | EPSS 0.00932
Exploits 0 | References 5

Tenable Nessus
added 2022/09/01 12:0 a.m. | 46 views

FreeBSD : Matrix clients -- several vulnerabilities (e4d93d07-297a-11ed-95f8-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e4d93d07-297a-11ed-95f8-901b0e9408dc advisory. - Thunderbird users who use the Matrix chat protocol were vulnerable to a denial-of-service...

CVSS 8.2 | AI score 7.3 | EPSS 0.00932
Exploits 0 | References 4

OSV
added 2022/09/01 12:0 a.m. | 1 view

UBUNTU-CVE-2022-36059

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...

CVSS 8.2 | AI score 6.7 | EPSS 0.00932
Exploits 0 | References 6

Tenable Nessus
added 2022/09/01 12:0 a.m. | 56 views

Mozilla Thunderbird < 102.2.1

The version of Thunderbird installed on the remote Windows host is prior to 102.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-38 advisory. - If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the...

CVSS 8.2 | AI score 7.4 | EPSS 0.00932
Exploits 0 | References 5

vulnersOsv
added 2022/08/31 9:25 p.m. | 4 views

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2022-31152 via matrix-synapse (>=0.33.9 <=1.153.0)

matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2022-31152 Source advisory: OSV:GHSA-JHJH-776M-4765...

CVSS 7.5 | AI score 7.2 | EPSS 0.00904
Exploits 0

FreeBSD
added 2022/08/31 12:0 a.m. | 26 views

Matrix clients -- several vulnerabilities

Matrix developers report: The vulnerabilities give an adversary who you share a room with the ability to carry out a denial-of-service attack against the affected clients, making it not show all of a user's rooms or spaces and/or causing minor temporary corruption...

CVSS 8.2 | AI score 4.1 | EPSS 0.00932
Exploits 0 | References 1

OSV
added 2022/08/22 6:8 p.m. | 24 views

GO-2022-0952 Incorrect event parsing in github.com/matrix-org/gomatrixserverlib

Power level parsing does not parse the "events_default" key of the m.room.power_levels event, setting the event default power level to zero in all cases. This can cause events to be improperly accepted or rejected in rooms where the event_default power level has been changed...

CVSS 8.8 | AI score 6.5 | EPSS 0.0065
Exploits 0 | References 1

Veracode
added 2022/08/22 5:58 a.m. | 21 views

Authorization Bypass

github.com/matrix-org/dendrite is vulnerable to authorization bypass. The vulnerability exists in the events_default level in m.room.power_levels events of eventcontent.go when defaulting the event default power level to zero in all cases, resulting in events either being incorrectly authorized or...

CVSS 8.8 | AI score 8.3 | EPSS 0.0065
Exploits 0 | References 4 | Affected Software 2

NVD
added 2022/08/19 9:15 p.m. | 61 views

CVE-2022-36009

gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the "events_default" key of the m.room.power_levels event, defaulting the event default...

CVSS 8.8 | EPSS 0.0065
Exploits 0 | References 3

Prion
added 2022/08/19 9:15 p.m. | 13 views

Design/Logic Flaw

gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the "events_default" key of the m.room.power_levels event, defaulting the event default...

CVSS 6.5 | AI score 8.6 | EPSS 0.0065
Exploits 0 | References 3 | Affected Software 1

AlpineLinux
added 2022/08/19 9:15 p.m. | 33 views

CVE-2022-36009

gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the "events_default" key of the m.room.power_levels event, defaulting the event default...

CVSS 8.8 | AI score 2.5 | EPSS 0.0065
Exploits 0

CVE
added 2022/08/19 8:35 p.m. | 77 views

CVE-2022-36009

CVE-2022-36009 affects gomatrixserverlib (Matrix federation library) and the Dendrite server. The root cause was incorrect parsing of the m.room.power_levels events_default field, which could cause events to be improperly authorized or rejected in rooms where events_default had been changed. A fi...

CVSS 8.8 | AI score 6.6 | EPSS 0.0065
Exploits 0 | References 3 | Affected Software 2

Cvelist
added 2022/08/19 8:35 p.m. | 48 views

CVE-2022-36009 Incorrect parsing of access level in gomatrixserverlib and dendrite

gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the "events_default" key of the m.room.power_levels event, defaulting the event default...

CVSS 5 | AI score 8.9 | EPSS 0.0065
Exploits 0 | References 3

OSV
added 2022/08/19 8:35 p.m. | 23 views

CVE-2022-36009 Incorrect parsing of access level in gomatrixserverlib and dendrite

gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the "events_default" key of the m.room.power_levels event, defaulting the event default...

CVSS 5 | AI score 8.4 | EPSS 0.0065
Exploits 0 | References 5

BDU FSTEC
added 2022/08/19 12:0 a.m. | 4 views

The vulnerability of the data transmission software via the Matrix protocol in Element Desktop lies in the possibility of exploiting memory after it is freed, allowing an attacker to execute arbitrary code.

The vulnerability of the data transmission software via the Matrix protocol in Element Desktop is related to the possibility of using memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created link...

CVSS 10 | AI score 8.1 | EPSS 0.01468
Exploits 0 | References 4 | Affected Software 2