GHSA-GWF7-VFJF-WF6X matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...
GHSA-Q9H8-GPW5-C95C Matrix Sydent mishandles emails
util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on...
GHSA-37HR-348P-RMF4 Improper handling of multiline messages in node-irc affects matrix-appservice-irc
matrix-appservice-irc provides an IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-irc 0.33.2. In terms of ...
CVE-2021-21332
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The...
CVE-2021-29471
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2, "Push rules" can specify conditions under which they will match, including event_match, which matches event...
CVE-2021-21394
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0, Synapse is missing input validation of some parameters on the endpoints used to confirm third-party...
CVE-2022-29199
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. Th...
DEBIAN-CVE-2022-29021
A buffer overflow vulnerability in the razerkbd driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device...
DEBIAN-CVE-2022-29023
A buffer overflow vulnerability in the razermouse driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device...
DEBIAN-CVE-2022-29022
A buffer overflow vulnerability in the razeraccessory driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device...
UBUNTU-CVE-2022-29023
A buffer overflow vulnerability in the razermouse driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device...
UBUNTU-CVE-2022-29022
A buffer overflow vulnerability in the razeraccessory driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device...
OpenRazer security vulnerability
OpenRazer is an open source driver and userspace daemon. It is used to control Razer lighting and other features on GNU/Linux. A security vulnerability exists in OpenRazer version 3.3.0 and prior versions, which originates from a buffer overflow in the razermouse driver. An attacker could exploit...
OpenRazer security vulnerability
OpenRazer is an open source driver and userspace daemon. It is used to control Razer lighting and other features on GNU/Linux. A security vulnerability exists in OpenRazer version 3.3.0 and prior versions, which stems from a buffer overflow in the razerkbd driver. An attacker could exploit this...
PT-2022-19371 · Openrazer +1
Name of the Vulnerable Software and Affected Versions: OpenRazer versions prior to v3.3.0. Description: A buffer overflow issue exists in the razermouse driver, allowing attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix custom...
PT-2022-19369 · Openrazer +1
Name of the Vulnerable Software and Affected Versions: OpenRazer versions up to v3.3.0. Description: A buffer overflow issue exists in the razerkbd driver, allowing attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the "matrix custom...
CVE-2022-22773
The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Serv...
Matrix Synapse DoS
Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018...