Matrix Synapse security vulnerability
Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. A security vulnerability exists in Matrix Synapse version 1.61.0 and earlier, which stems from some of these rules not being applied correctly when determining whether events should be accepted into ...
The vulnerability in the implementation of the Matrix protocol for Thunderbird email clients allows a perpetrator to carry out a DoS attack.
The vulnerability of the Thunderbird email client’s Matrix protocol is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute a DoS attack...
Fedora 36 : thunderbird (2022-8bf22a684b)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-8bf22a684b advisory. Update to 102.2.1; https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/ Tenable has extracted the preceding description block directly from the...
CVE-2022-36059
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Thunderbird users who use the Matrix chat protocol being vulnerable to a denial of service attack. An adversary sharing a room with a user could attack affected clients, making it not show all of a user's...
matrix-js-sdk security vulnerability
matrix-js-sdk is an application component of matrix open source. A security vulnerability exists in matrix-js-sdk versions prior to 19.4.0, which stems from the fact that an event sent using a special string in a critical location may temporarily interrupt or prevent matrix-js-sdk from functioning properly...
CVE-2022-36059
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
FreeBSD : Matrix clients -- several vulnerabilities (e4d93d07-297a-11ed-95f8-901b0e9408dc)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e4d93d07-297a-11ed-95f8-901b0e9408dc advisory. - Thunderbird users who use the Matrix chat protocol were vulnerable to a denial-of-service...
UBUNTU-CVE-2022-36059
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
Mozilla Thunderbird < 102.2.1
The version of Thunderbird installed on the remote Windows host is prior to 102.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-38 advisory. - If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2022-31152 via matrix-synapse (>=0.33.9 <=1.153.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2022-31152 Source advisory: OSV:GHSA-JHJH-776M-4765...
Matrix clients -- several vulnerabilities
Matrix developers report: The vulnerabilities give an adversary who you share a room with the ability to carry out a denial-of-service attack against the affected clients, making it not show all of a user's rooms or spaces and/or causing minor temporary corruption...
GO-2022-0952 Incorrect event parsing in github.com/matrix-org/gomatrixserverlib
Power level parsing does not parse the "events_default" key of the m.room.power_levels event, setting the event default power level to zero in all cases. This can cause events to be improperly accepted or rejected in rooms where the event_default power level has been changed...
Authorization Bypass
github.com/matrix-org/dendrite is vulnerable to authorization bypass. The vulnerability exists in the events_default level in m.room.power_levels events of eventcontent.go when defaulting the event default power level to zero in all cases, resulting in events either being incorrectly authorized or...
CVE-2022-36009
gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the "events_default" key of the m.room.power_levels event, defaulting the event default...
Design/Logic Flaw
gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the "events_default" key of the m.room.power_levels event, defaulting the event default...
CVE-2022-36009
CVE-2022-36009 affects gomatrixserverlib (Matrix federation library) and the Dendrite server. The root cause was incorrect parsing of the m.room.power_levels events_default field, which could cause events to be improperly authorized or rejected in rooms where events_default had been changed. A fi...
CVE-2022-36009 Incorrect parsing of access level in gomatrixserverlib and dendrite
gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the "events_default" key of the m.room.power_levels event, defaulting the event default...
The vulnerability of the data transmission software via the Matrix protocol in Element Desktop lies in the possibility of exploiting memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of the data transmission software via the Matrix protocol in Element Desktop is related to the possibility of using memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created link...