CVE-2024-32000
Matrix-appservice-irc (Node.js IRC bridge) before version 2.0.0 could leak the truncated body of a message when a malicious user replies to an event they shouldn’t access, provided they know the event ID and are in both the Matrix room and the bridged IRC channel. The root cause involved reliance...
UAMQP Security Vulnerabilities
UAMQP is the generic C library for AMQP. A security vulnerability exists in versions of UAMQP prior to 2023-12-01 that stems from a use-after-free during a call to open_get_offered_capabilities. An attacker could exploit the vulnerability to execute remote code...
Tor Equip Security Vulnerability
Tor Equip is Tor's gateway for monitoring chillers, gensets and compressors. A security vulnerability exists in Tor Equip version 1.0, Tor Loco Mini versions 1.0 through 3.1, which originated from a vulnerability that could allow a remote attacker to execute arbitrary code via a crafted request t...
Rocky Linux 8 : thunderbird (RLSA-2022:6708)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6708 advisory. - When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specifi...
AlmaLinux 8 : thunderbird (ALSA-2023:1802)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:1802 advisory. - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key place...
AlmaLinux 9 : thunderbird (ALSA-2023:1809)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:1809 advisory. - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key place...
RHEL 9 : thunderbird (RHSA-2023:1809)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1809 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fixes:...
CVE-2023-28427
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
Code injection
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
CVE-2023-28427
CVE-2023-28427 affects matrix-js-sdk (Node/JS Matrix client) prior to 24.0.0. Root cause cited as prototype pollution; impact described as disruption or corruption of runtime data, potentially affecting data processing. Patch is to upgrade to matrix-js-sdk 24.0.0; no public workarounds documented...
CVE-2023-28427 Prototype pollution in matrix-js-sdk
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
CVE-2023-28427
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
SUSE CVE-2009-3083
The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as...
SUSE CVE-2016-2366
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this...
SUSE CVE-2016-2369
A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the vulnerabilit...
SUSE CVE-2017-5591
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and...
SUSE CVE-2019-12855
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections...
ALSA-2023:0096 Moderate: dbus security update
D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Security Fixes: dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets...
The vulnerability of the AMQP protocol implementation of the message broker RabbitMQ in Dell EMC NetWorker’s backup and disaster recovery systems allows a perpetrator to escalate their privileges.
The vulnerability of the Advanced Message Queuing Protocol (AMQP) implementation of the message broker RabbitMQ in Dell EMC NetWorker’s backup and disaster recovery systems lies in the transmission of critical information in plaintext. Exploiting this vulnerability could allow an attacker to enhanc...
PT-2022-23880 · Unknown · Zlmediakit
Name of the Vulnerable Software and Affected Versions: ZLMediaKit versions below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327 Description: An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Recommendations: For versions below commit...