119 matches found
SUSE CVE-2024-33901
Issue in KeePassXC 2.7.7 allows an attacker who has the privileges of the victim to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs...
KeePass 安全漏洞
KeePass is an open source password manager. A security vulnerability exists in KeePassXC version 2.7.7, which stems from a vulnerability that allows an attacker to recover some passwords stored in the .kdbx database...
Missing Authorization Checks
matrixsynapse is vulnerable to Improper Authentication. The vulnerability is due to the completelogin function as It fails to verify the deactivated status of users during login. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the jwtconfig.enabled...
Authorization Bypass
matrix-synapse is vulnerable to Authorization Bypass. The vulnerability exists because it does not properly validate the deactivated status of users during login time. which allows a user to login even if there account is deactivated. Note that this vulnerability only applies if JSON Web Tokens a...
SUSE CVE-2023-32682
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...
CVE-2023-32682
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...
DEBIAN-CVE-2023-32682
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...
PYSEC-2023-84
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...
Design/Logic Flaw
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...
PYSEC-2023-84
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...
CVE-2023-32682
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...
UBUNTU-CVE-2023-32682
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...
CVE-2023-32682
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...
CVE-2023-32682
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...
CVE-2023-32682 Improper checks for deactivated users during login in synapse
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...
GHSA-26C5-PPR8-F33P Synapse has improper checks for deactivated users during login
Impact It may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: JSON Web Tokens are enabled for login via the jwtconfig.enabled configuration setting The local password database is enabled via the...
Apache Superset 信息泄露漏洞
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An information disclosure vulnerability exists in Apache Superset versions 1.3.0 through 2.0.1, which stems from a vulnerability that allows authenticated users to access a database that stores...
CVE-2023-0567
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...
CVE-2022-26115
A use of password hash with insufficient computational effort vulnerability CWE-916 in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords...
Fortinet FortiSandbox 安全漏洞
Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. A security vulnerability exists in Fortinet FortiSandbox versions prior to...