3661 matches found
GHSA-P9RC-RMR5-529J Missing validation causes denial of service via `LoadAndRemapMatrix`
Impact The implementation of tf.rawops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf ckptpath = tf.constant...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2019-18835 via matrix-synapse (>=0.33.9 <=1.153.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2019-18835 Source advisory: OSV:GHSA-CPPW-2MF8-QPM5...
GHSA-CPPW-2MF8-QPM5 Improper Verification of Cryptographic Signature in matrix-synapse
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /sendjoin, /sendleave, and /invite may not be correctly signed, or may not come from the expected servers...
Logic error in Matrix SDK for Android
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 leads to a situation where identity verification is inadequate and thus a key-requesting device can be impersonated...
GHSA-JJMC-4P83-PP26 Logic error in Matrix SDK for Android
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 leads to a situation where identity verification is inadequate and thus a key-requesting device can be impersonated...
Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items
Items like jobs can be organized hierarchically in Jenkins, using the Folders Plugin or something similar. An item is expected to be accessible only if all its ancestors are accessible as well. Matrix Authorization Strategy Plugin 2.6.5 and earlier does not correctly perform permission checks to...
com.joelj.jenkins:ez-templates (=1.0.5), com.synopsys.jenkinsci:ownership (>=0.9.0 <=0.13.0) +12 more potentially affected by CVE-2021-21623 via org.jenkins-ci.plugins:matrix-auth (>=1.0 <=1.7)
org.jenkins-ci.plugins:matrix-auth MAVEN version =1.0, =0.9.0, =0.34, =1.535, =1.645, =0.1.1, =1.0, =2.4.0, =1.0-beta.2, =1.0, =2.0.0, =0.1, =1.0.21 Source cves: CVE-2021-21623 Source advisory: OSV:GHSA-96JW-3XW4-MQ9P...
GHSA-96JW-3XW4-MQ9P Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items
Items like jobs can be organized hierarchically in Jenkins, using the Folders Plugin or something similar. An item is expected to be accessible only if all its ancestors are accessible as well. Matrix Authorization Strategy Plugin 2.6.5 and earlier does not correctly perform permission checks to...
GHSA-VR6V-WJFW-RXCR Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin
Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the permission table. This results in a stored cross-site scripting XSS vulnerability. When using project-based matrix authorization, this vulnerability can be exploited by a user with Job/Configure or...
Stored XSS vulnerability in multiple axis builds tooltips in Jenkins Matrix Project Plugin
Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Job/Configure permission. Matrix Project Plugin 1.17 escapes the axi...
Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin
Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the permission table. This results in a stored cross-site scripting XSS vulnerability. When using project-based matrix authorization, this vulnerability can be exploited by a user with Job/Configure or...
com.joelj.jenkins:ez-templates (=1.0.5), com.synopsys.jenkinsci:ownership (>=0.9.0 <=0.13.0) +12 more potentially affected by CVE-2020-2226 via org.jenkins-ci.plugins:matrix-auth (>=1.0 <=1.7)
org.jenkins-ci.plugins:matrix-auth MAVEN version =1.0, =0.9.0, =0.34, =1.535, =1.645, =0.1.1, =1.0, =2.4.0, =1.0-beta.2, =1.0, =2.0.0, =0.1, =1.0.21 Source cves: CVE-2020-2226 Source advisory: OSV:GHSA-VR6V-WJFW-RXCR...
aendter.jenkins.plugins:filesystem-list-parameter-plugin (=0.0.6), com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9) +33 more potentially affected by CVE-2020-2225 via org.jenkins-ci.plugins:matrix-project (>=1.0 <=1.14)
org.jenkins-ci.plugins:matrix-project MAVEN version =1.0, =1.9.2-beta, =0.5, =1.28, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.0, =1.4.2, =0.34, =1.561, =1.599 - org.jenkins-ci.plugins:Matrix-sorter-plugin =1.3 and more Source cves: CVE-2020-2225 Source advisory: OSV:GHSA-W43X-5F8F-686P...
GHSA-W43X-5F8F-686P Stored XSS vulnerability in multiple axis builds tooltips in Jenkins Matrix Project Plugin
Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Job/Configure permission. Matrix Project Plugin 1.17 escapes the axi...
Stored XSS vulnerability in single axis builds tooltips in Jenkins Matrix Project Plugin
Matrix Project Plugin 1.16 and earlier does not escape node names shown in tooltips on the overview page of builds with a single axis. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Agent/Configure permission. Matrix Project Plugin 1.17 escapes the node...
aendter.jenkins.plugins:filesystem-list-parameter-plugin (=0.0.6), com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9) +33 more potentially affected by CVE-2020-2224 via org.jenkins-ci.plugins:matrix-project (>=1.0 <=1.14)
org.jenkins-ci.plugins:matrix-project MAVEN version =1.0, =1.9.2-beta, =0.5, =1.28, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.0, =1.4.2, =0.34, =1.561, =1.599 - org.jenkins-ci.plugins:Matrix-sorter-plugin =1.3 and more Source cves: CVE-2020-2224 Source advisory: OSV:GHSA-H6QC-455M-7V6V...
GHSA-H6QC-455M-7V6V Stored XSS vulnerability in single axis builds tooltips in Jenkins Matrix Project Plugin
Matrix Project Plugin 1.16 and earlier does not escape node names shown in tooltips on the overview page of builds with a single axis. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Agent/Configure permission. Matrix Project Plugin 1.17 escapes the node...
GHSA-324H-2V7H-Q3XX RCE vulnerability in Jenkins Yaml Axis Plugin
Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution RCE vulnerability exploitable by users able to configure a multi-configuration Matrix job, or control the contents of a previously...
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...
raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2019-11842 via matrix-synapse (=0.33.9)
matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2019-11842 Source advisory: OSV:GHSA-GWF7-VFJF-WF6X...