
3661 matches found

OSV
added 2022/05/24 4:45 p.m. · 22 views

GHSA-GWF7-VFJF-WF6X matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...

CVSS 8.7 · AI score 7.5 · EPSS 0.0178
Exploits 0 · References 4
OSV
added 2022/05/24 4:43 p.m. · 28 views

GHSA-Q9H8-GPW5-C95C Matrix Sydent mishandles emails

util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on...

CVSS 5.9 · AI score 6.4 · EPSS 0.01861
Exploits 0 · References 5
GitHub Security Blog
added 2022/05/24 4:43 p.m. · 28 views

Matrix Sydent mishandles emails

util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on...

CVSS 5.9 · AI score 6.9 · EPSS 0.01861
Exploits 0 · References 6 · Affected Software 1
GitHub Security Blog
added 2022/05/23 8:17 p.m. · 48 views

Improper handling of multiline messages in node-irc affects matrix-appservice-irc

matrix-appservice-irc provides an IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-irc 0.33.2. In terms of ...

CVSS 8.8 · AI score 8.3 · EPSS 0.00938
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/05/23 8:17 p.m. · 13 views

GHSA-37HR-348P-RMF4 Improper handling of multiline messages in node-irc affects matrix-appservice-irc

matrix-appservice-irc provides an IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-irc 0.33.2. In terms of ...

CVSS 8 · AI score 8.2 · EPSS 0.00938
Exploits 0 · References 5
RedhatCVE
added 2022/05/20 11:25 p.m. · 36 views

CVE-2021-21332

Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The...

CVSS 8.2 · AI score 3.7 · EPSS 0.01221
Exploits 0 · References 2
RedhatCVE
added 2022/05/20 11:06 p.m. · 29 views

CVE-2021-29471

Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2, "Push rules" can specify conditions under which they will match, including event_match, which matches event...

CVSS 5.3 · AI score 1.2 · EPSS 0.01647
Exploits 0 · References 1
RedhatCVE
added 2022/05/20 10:28 p.m. · 33 views

CVE-2021-21394

Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0, Synapse is missing input validation of some parameters on the endpoints used to confirm third-party...

CVSS 6.5 · AI score 0.8 · EPSS 0.01538
Exploits 0 · References 1
Debian CVE
added 2022/05/20 9:40 p.m. · 1 view

CVE-2022-29199

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. Th...

CVSS 5.5 · AI score 7 · EPSS 0.00317
Exploits 1
OSV
added 2022/05/20 1:15 p.m. · 1 view

DEBIAN-CVE-2022-29021

A buffer overflow vulnerability in the razerkbd driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device...

CVSS 9.8 · AI score 8.8 · EPSS 0.02049
Exploits 1 · References 1
OSV
added 2022/05/20 1:15 p.m. · 1 view

DEBIAN-CVE-2022-29023

A buffer overflow vulnerability in the razermouse driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device...

CVSS 9.8 · AI score 8.8 · EPSS 0.02072
Exploits 1 · References 1
OSV
added 2022/05/20 1:15 p.m. · 1 view

DEBIAN-CVE-2022-29022

A buffer overflow vulnerability in the razeraccessory driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device...

CVSS 9.8 · AI score 8.5 · EPSS 0.02049
Exploits 1 · References 1
OSV
added 2022/05/20 1:15 p.m. · 4 views

UBUNTU-CVE-2022-29023

A buffer overflow vulnerability in the razermouse driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device...

CVSS 9.8 · AI score 7.5 · EPSS 0.02072
Exploits 1 · References 4
OSV
added 2022/05/20 1:15 p.m. · 1 view

UBUNTU-CVE-2022-29022

A buffer overflow vulnerability in the razeraccessory driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device...

CVSS 9.8 · AI score 6 · EPSS 0.02049
Exploits 1 · References 4
CNNVD
added 2022/05/20 12:00 a.m. · 4 views

OpenRazer security vulnerability

OpenRazer is an open source driver and userspace daemon. It is used to control Razer lighting and other features on GNU/Linux. A security vulnerability exists in OpenRazer version 3.3.0 and prior versions, which originates from a buffer overflow in the razermouse driver. An attacker could exploit...

CVSS 9.8 · AI score 8.5 · EPSS 0.02072
Exploits 1 · References 4
CNNVD
added 2022/05/20 12:00 a.m. · 3 views

OpenRazer security vulnerability

OpenRazer is an open source driver and userspace daemon. It is used to control Razer lighting and other features on GNU/Linux. A security vulnerability exists in OpenRazer version 3.3.0 and prior versions, which stems from a buffer overflow in the razerkbd driver. An attacker could exploit this...

CVSS 9.8 · AI score 8.5 · EPSS 0.02049
Exploits 1 · References 4
Positive Technologies
added 2022/05/20 12:00 a.m. · 8 views

PT-2022-19371 · Openrazer +1

Name of the Vulnerable Software and Affected Versions: OpenRazer versions prior to v3.3.0. Description: A buffer overflow issue exists in the razermouse driver, allowing attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix custom...

CVSS 9.8 · AI score 7.3 · EPSS 0.02072
Exploits 3 · References 19
Positive Technologies
added 2022/05/20 12:00 a.m. · 5 views

PT-2022-19369 · Openrazer +1

Name of the Vulnerable Software and Affected Versions: OpenRazer versions up to v3.3.0. Description: A buffer overflow issue exists in the razerkbd driver, allowing attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the "matrix custom...

CVSS 9.8 · AI score 7.3 · EPSS 0.02072
Exploits 3 · References 20
OSV
added 2022/05/17 6:15 p.m. · 7 views

CVE-2022-22773

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Serv...

CVSS 5.4 · AI score 6.1 · EPSS 0.00477
Exploits 0 · References 2
GitHub Security Blog
added 2022/05/14 3:20 a.m. · 24 views

Matrix Synapse DoS

Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018...

CVSS 7.5 · AI score 7.1 · EPSS 0.0151
Exploits 0 · References 5 · Affected Software 1