ALEA-2020:4802 perl:5.30 metadata for the AlmaLinux 8 module matrix

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

perl:5.30 metadata for the AlmaLinux 8 module matrix

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

ALEA-2020:4767 perl:5.30 metadata for the AlmaLinux 8 module matrix

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

perl:5.30 metadata for the AlmaLinux 8 module matrix

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

[ASA-202011-4] matrix-synapse: cross-site scripting

Arch Linux Security Advisory ASA-202011-4 ========================================= Severity: High Date : 2020-11-03 CVE-ID : CVE-2020-26891 Package : matrix-synapse Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-1252 Summary ======= The package matrix-synapse...

New Framework Released to Protect Machine Learning Systems From Adversarial Attacks

Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning ML systems. Called the Adversarial ML Threat Matrix, the initiative is an attempt to...

New Framework Released to Protect Machine Learning Systems From Adversarial Attacks

Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning ML systems. Called the Adversarial ML Threat Matrix, the initiative is an attempt to...

Cyberattacks against machine learning systems are more common than you think

Machine learning ML is making incredible transformations in critical areas such as finance, healthcare, and defense, impacting nearly every aspect of our lives. Many businesses, eager to capitalize on advancements in ML, have not scrutinized the security of their ML systems. Today, along with...

Cyberattacks against machine learning systems are more common than you think

Machine learning ML is making incredible transformations in critical areas such as finance, healthcare, and defense, impacting nearly every aspect of our lives. Many businesses, eager to capitalize on advancements in ML, have not scrutinized the security of their ML systems. Today, along with...

jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin

A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...

jenkins-2-plugins/matrix-project: Stored XSS vulnerability in multiple axis builds tooltips

A flaw was found in the Matrix Project Plugin version 1.16 and prior. Node names shown in tooltips are not escaped on the overview page of builds with multiple axes which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this...

jenkins-2-plugins/matrix-project: Stored XSS vulnerability in single axis builds tooltips

A flaw was found in the Matrix Project Plugin version 1.16 and prior. Node names shown in tooltips are not escaped on the overview page of builds with a single axis which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this...

DEBIAN-CVE-2020-26891

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...

PYSEC-2020-238

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...

Design/Logic Flaw

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...

CVE-2020-26891

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...

PYSEC-2020-238

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2020-26891 via matrix-synapse (>=0.33.9 <=1.153.0)

matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2020-26891 Source advisory: OSV:PYSEC-2020-238...

UBUNTU-CVE-2020-26891

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...

CVE-2020-26891

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...