3661 matches found

OSV
added 2022/05/24 10:9 p.m., 2 views

GHSA-P9RC-RMR5-529J Missing validation causes denial of service via `LoadAndRemapMatrix`

Impact: The implementation of tf.raw_ops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf ckptpath = tf.constant...

CVSS 5.5, AI score 5.8, EPSS 0.00317
Exploits 1, References 9
vulnersOsv
added 2022/05/24 10:1 p.m., 3 views

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2019-18835 via matrix-synapse (>=0.33.9 <=1.153.0)

matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2019-18835 Source advisory: OSV:GHSA-CPPW-2MF8-QPM5...

CVSS 9.8, AI score 7.6, EPSS 0.00864
Exploits 0
OSV
added 2022/05/24 10:1 p.m., 18 views

GHSA-CPPW-2MF8-QPM5 Improper Verification of Cryptographic Signature in matrix-synapse

Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers...

CVSS 8.8, AI score 9.4, EPSS 0.00864
Exploits 0, References 6
Github Security Blog
added 2022/05/24 7:14 p.m., 19 views

Logic error in Matrix SDK for Android

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 leads to a situation where identity verification is inadequate and thus a key-requesting device can be impersonated...

CVSS 5.9, AI score 6.8, EPSS 0.00641
Exploits 0, References 4, Affected Software 1
OSV
added 2022/05/24 7:14 p.m., 14 views

GHSA-JJMC-4P83-PP26 Logic error in Matrix SDK for Android

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 leads to a situation where identity verification is inadequate and thus a key-requesting device can be impersonated...

CVSS 5.9, AI score 5.5, EPSS 0.00641
Exploits 0, References 3
Github Security Blog
added 2022/05/24 5:44 p.m., 40 views

Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items

Items like jobs can be organized hierarchically in Jenkins, using the Folders Plugin or something similar. An item is expected to be accessible only if all its ancestors are accessible as well. Matrix Authorization Strategy Plugin 2.6.5 and earlier does not correctly perform permission checks to...

CVSS 6.5, AI score 3, EPSS 0.01011
Exploits 0, References 5, Affected Software 1
vulnersOsv
added 2022/05/24 5:44 p.m., 6 views

com.joelj.jenkins:ez-templates (=1.0.5), com.synopsys.jenkinsci:ownership (>=0.9.0 <=0.13.0) +12 more potentially affected by CVE-2021-21623 via org.jenkins-ci.plugins:matrix-auth (>=1.0 <=1.7)

org.jenkins-ci.plugins:matrix-auth MAVEN version =1.0, =0.9.0, =0.34, =1.535, =1.645, =0.1.1, =1.0, =2.4.0, =1.0-beta.2, =1.0, =2.0.0, =0.1, =1.0.21 Source cves: CVE-2021-21623 Source advisory: OSV:GHSA-96JW-3XW4-MQ9P...

CVSS 6.5, AI score 6.5, EPSS 0.01011
Exploits 0
OSV
added 2022/05/24 5:44 p.m., 1 views

GHSA-96JW-3XW4-MQ9P Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items

Items like jobs can be organized hierarchically in Jenkins, using the Folders Plugin or something similar. An item is expected to be accessible only if all its ancestors are accessible as well. Matrix Authorization Strategy Plugin 2.6.5 and earlier does not correctly perform permission checks to...

CVSS 6.5, AI score 5.9, EPSS 0.01011
Exploits 0, References 5
OSV
added 2022/05/24 5:23 p.m., 39 views

GHSA-VR6V-WJFW-RXCR Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin

Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the permission table. This results in a stored cross-site scripting (XSS) vulnerability. When using project-based matrix authorization, this vulnerability can be exploited by a user with Job/Configure or...

CVSS 8, AI score 5.6, EPSS 0.00919
Exploits 0, References 5
Github Security Blog
added 2022/05/24 5:23 p.m., 32 views

Stored XSS vulnerability in multiple axis builds tooltips in Jenkins Matrix Project Plugin

Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission. Matrix Project Plugin 1.17 escapes the axi...

CVSS 5.4, AI score 5.7, EPSS 0.01041
Exploits 0, References 5, Affected Software 1
Github Security Blog
added 2022/05/24 5:23 p.m., 29 views

Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin

Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the permission table. This results in a stored cross-site scripting (XSS) vulnerability. When using project-based matrix authorization, this vulnerability can be exploited by a user with Job/Configure or...

CVSS 5.4, AI score 5.5, EPSS 0.00919
Exploits 0, References 5, Affected Software 1
vulnersOsv
added 2022/05/24 5:23 p.m., 5 views

com.joelj.jenkins:ez-templates (=1.0.5), com.synopsys.jenkinsci:ownership (>=0.9.0 <=0.13.0) +12 more potentially affected by CVE-2020-2226 via org.jenkins-ci.plugins:matrix-auth (>=1.0 <=1.7)

org.jenkins-ci.plugins:matrix-auth MAVEN version =1.0, =0.9.0, =0.34, =1.535, =1.645, =0.1.1, =1.0, =2.4.0, =1.0-beta.2, =1.0, =2.0.0, =0.1, =1.0.21 Source cves: CVE-2020-2226 Source advisory: OSV:GHSA-VR6V-WJFW-RXCR...

CVSS 5.4, AI score 6.4, EPSS 0.00919
Exploits 0
vulnersOsv
added 2022/05/24 5:23 p.m., 5 views

aendter.jenkins.plugins:filesystem-list-parameter-plugin (=0.0.6), com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9) +33 more potentially affected by CVE-2020-2225 via org.jenkins-ci.plugins:matrix-project (>=1.0 <=1.14)

org.jenkins-ci.plugins:matrix-project MAVEN version =1.0, =1.9.2-beta, =0.5, =1.28, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.0, =1.4.2, =0.34, =1.561, =1.599 - org.jenkins-ci.plugins:Matrix-sorter-plugin =1.3 and more Source cves: CVE-2020-2225 Source advisory: OSV:GHSA-W43X-5F8F-686P...

CVSS 5.4, AI score 6.4, EPSS 0.01041
Exploits 0
OSV
added 2022/05/24 5:23 p.m., 23 views

GHSA-W43X-5F8F-686P Stored XSS vulnerability in multiple axis builds tooltips in Jenkins Matrix Project Plugin

Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission. Matrix Project Plugin 1.17 escapes the axi...

CVSS 8, AI score 5.6, EPSS 0.01041
Exploits 0, References 5
Github Security Blog
added 2022/05/24 5:23 p.m., 28 views

Stored XSS vulnerability in single axis builds tooltips in Jenkins Matrix Project Plugin

Matrix Project Plugin 1.16 and earlier does not escape node names shown in tooltips on the overview page of builds with a single axis. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Agent/Configure permission. Matrix Project Plugin 1.17 escapes the node...

CVSS 5.4, AI score 5.6, EPSS 0.00919
Exploits 0, References 5, Affected Software 1
vulnersOsv
added 2022/05/24 5:23 p.m., 4 views

aendter.jenkins.plugins:filesystem-list-parameter-plugin (=0.0.6), com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9) +33 more potentially affected by CVE-2020-2224 via org.jenkins-ci.plugins:matrix-project (>=1.0 <=1.14)

org.jenkins-ci.plugins:matrix-project MAVEN version =1.0, =1.9.2-beta, =0.5, =1.28, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.0, =1.4.2, =0.34, =1.561, =1.599 - org.jenkins-ci.plugins:Matrix-sorter-plugin =1.3 and more Source cves: CVE-2020-2224 Source advisory: OSV:GHSA-H6QC-455M-7V6V...

CVSS 5.4, AI score 6.4, EPSS 0.00919
Exploits 0
OSV
added 2022/05/24 5:23 p.m., 20 views

GHSA-H6QC-455M-7V6V Stored XSS vulnerability in single axis builds tooltips in Jenkins Matrix Project Plugin

Matrix Project Plugin 1.16 and earlier does not escape node names shown in tooltips on the overview page of builds with a single axis. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Agent/Configure permission. Matrix Project Plugin 1.17 escapes the node...

CVSS 8, AI score 5.6, EPSS 0.00919
Exploits 0, References 5
OSV
added 2022/05/24 5:15 p.m., 20 views

GHSA-324H-2V7H-Q3XX RCE vulnerability in Jenkins Yaml Axis Plugin

Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution (RCE) vulnerability exploitable by users able to configure a multi-configuration Matrix job, or control the contents of a previously...

CVSS 8.8, AI score 9, EPSS 0.02867
Exploits 0, References 5
Github Security Blog
added 2022/05/24 4:45 p.m., 24 views

matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...

CVSS 7.5, AI score 2.5, EPSS 0.0178
Exploits 0, References 4, Affected Software 2
vulnersOsv
added 2022/05/24 4:45 p.m., 2 views

raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2019-11842 via matrix-synapse (=0.33.9)

matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2019-11842 Source advisory: OSV:GHSA-GWF7-VFJF-WF6X...

CVSS 7.5, AI score 7.1, EPSS 0.0178
Exploits 0