GHSA-VMCC-4P4X-X7WG Matrix Synapse DoS
Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018...
Matrix Synapse Improper Signature Validation
Matrix Synapse before 0.33.3.1 and 0.33.2.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation...
GHSA-FMVH-RVQ5-HHJX Matrix Synapse Improper Signature Validation
Matrix Synapse before 0.33.3.1 and 0.33.2.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation...
GHSA-V8WM-G9F2-XJV4 Matrix Synapse Security Filtering Flaw
The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly...
Matrix Synapse Security Filtering Flaw
The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly...
GHSA-QXF8-8837-HQ7W Script security sandbox bypass in Matrix Project Plugin
A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM...
aendter.jenkins.plugins:filesystem-list-parameter-plugin (=0.0.6), com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9) +30 more potentially affected by CVE-2019-1003031 via org.jenkins-ci.plugins:matrix-project (>=1.0 <=1.13)
org.jenkins-ci.plugins:matrix-project MAVEN version =1.0, =1.9.2-beta, =0.5, =1.28, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.4.2, =0.34, =1.561, =1.599 - org.jenkins-ci.plugins:Matrix-sorter-plugin =1.3 - org.jenkins-ci.plugins:build-blocker-plugin =1.7.3 and more Source cves:...
Script security sandbox bypass in Matrix Project Plugin
A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM...
GHSA-VW2C-5WPH-V92R Improper Neutralization of Input During Web Page Generation in Apache CXF
The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. Th...
Matrix Synapse Predictable Secret Key
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...
raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2019-5885 via matrix-synapse (=0.33.9)
matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2019-5885 Source advisory: OSV:GHSA-JRQM-V8CV-53WW...
GHSA-JRQM-V8CV-53WW Matrix Synapse Predictable Secret Key
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...
perl:5.32 metadata for the AlmaLinux 8 module matrix
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
ALEA-2022:1957 perl:5.32 metadata for the AlmaLinux 8 module matrix
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
ALEA-2022:1955 perl:5.32 metadata for the AlmaLinux 8 module matrix
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
ALEA-2022:1956 perl:5.32 metadata for the AlmaLinux 8 module matrix
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
Remote Code Execution (RCE)
matrix-appservice-irc is vulnerable to remote code execution. An attacker is able to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message...