Design/Logic Flaw
Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the roomUpgradeOpts key when instantiating a new Bridge instance), any m.room.tombstone...
CVE-2021-32659 Automatic room upgrade handling can be used maliciously to bridge a room non-consensually
Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the roomUpgradeOpts key when instantiating a new Bridge instance), any m.room.tombstone...
CVE-2021-32659
CVE-2021-32659 affects matrix-appservice-bridge (versions 2.6.0 and earlier). When room upgrade handling is enabled via roomUpgradeOpts, an m.room.tombstone event can unbridge the current room and bridge into a target room without verifying the predecessor in the target m.room.create, enabling a ...
CVE-2021-34813
Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client while it is attempting to retrieve an Olm encrypted room key backup from the homeserver because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build...
DEBIAN-CVE-2021-34813
Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client while it is attempting to retrieve an Olm encrypted room key backup from the homeserver because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build...
Stack overflow
Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client while it is attempting to retrieve an Olm encrypted room key backup from the homeserver because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build...
UBUNTU-CVE-2021-34813
Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client while it is attempting to retrieve an Olm encrypted room key backup from the homeserver because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build...
CVE-2021-34813
Matrix libolm before 3.2.3 is affected. The flaw is in olm_pk_decrypt, causing a stack-based buffer overflow that can crash the client when retrieving an Olm-encrypted room key backup from a Matrix homeserver; remote code execution might be possible in some nonstandard builds. A fix is available ...
Matrix libm buffer error vulnerability
Matrix libolm is a cryptographic library. A security vulnerability exists in Matrix libolm, which can be exploited by attackers for remote code execution...
Matrix-appservice-bridge access control error vulnerability
Matrix-appservice-bridge is an open source service. It is used for bridging application services for the Matrix communication program. A security vulnerability exists in Matrix-appservice-bridge, which stems from the fact that in version 2.6.0 and earlier, if the bridge is configured with room...
What you need to know: Transitioning CSA STAR for Cloud Controls Matrix 4.0
In January of this year, the Cloud Security Alliance (CSA) released a major revision to its widely adopted Cloud Controls Matrix (CCM) in the form of version 4.0. This comes in the middle of a calendar year where several alternative information security frameworks are also expected to be refined,...
[ASA-202105-19] matrix-synapse: denial of service
Arch Linux Security Advisory ASA-202105-19 ========================================== Severity: Medium Date : 2021-05-25 CVE-ID : CVE-2021-29471 Package : matrix-synapse Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1943 Summary ======= The package matrix-synapse...
GHSA-PH87-FVJR-V33W CHECK-fail in `tf.raw_ops.RFFT`
Impact An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.raw_ops.RFFT: python import tensorflow as tf inputs = tf.constant1, shape=1, dtype=tf.float32 fftlength = tf.constant0, shape=1, dtype=tf.int32 tf.raw_ops.RFFTinput=inputs,...
GHSA-GVM4-H8J3-RJRQ CHECK-fail in `LoadAndRemapMatrix`
Impact An attacker can cause a denial of service by exploiting a CHECK-failure coming from tf.raw_ops.LoadAndRemapMatrix: python import tensorflow as tf ckptpath = tf.constant, shape=0, dtype=tf.string oldtensorname = tf.constant"" rowremapping = tf.constant, shape=0, dtype=tf.int64 colremapping =...
GHSA-VQW6-72R7-FGW7 OOB read in `MatrixTriangularSolve`
Impact The implementation of MatrixTriangularSolve fails to terminate kernel execution if one validation condition fails: cc void ValidateInputTensorsOpKernelContext ctx, const Tensor& in0, const Tensor& in1 override OPREQUIRES ctx, in0.dims = 2, errors::InvalidArgument"In0 ndims must be = 2: ",...
GHSA-XCWJ-WFCM-M23C Invalid validation in `SparseMatrixSparseCholesky`
Impact An attacker can trigger a null pointer dereference by providing an invalid permutation to tf.raw_ops.SparseMatrixSparseCholesky: python import tensorflow as tf import numpy as np from tensorflow.python.ops.linalg.sparse import sparsecsrmatrixops indicesarray = np.array0, 0 valuearray =...