Lucene search
+L

227 matches found

Veracode
Veracode
added 2023/10/12 1:44 p.m.23 views

Denial Of Service (DoS)

matrixsynapse is vulnerable to Denial Of Service DoS. The vulnerability is due to malicious server ACL events which can impact performance temporarily or permanently, leading to a persistent denial of service DoS...

4.9CVSS6.8AI score0.01166EPSS
Exploits0References9Affected Software3
AlpineLinux
AlpineLinux
added 2023/10/10 5:17 p.m.117 views

CVE-2023-45129

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which...

4.9CVSS5AI score0.01166EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/09/28 11:13 a.m.48 views

The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies

The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world...

7AI score
Exploits0
Rockylinux
Rockylinux
added 2023/09/26 1:26 p.m.30 views

389-ds:1.4 bug fix update

An update is available for 389-ds-base, module.389-ds-base. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list 389 Directory Server is an LDAP version 3 LDAPv3...

6.8AI score
Exploits0
NVD
NVD
added 2023/08/04 7:15 p.m.40 views

CVE-2023-38700

matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue. As a workaround, se...

3.7CVSS3.8AI score0.00485EPSS
Exploits0References3
Prion
Prion
added 2023/08/04 7:15 p.m.16 views

Code injection

matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue. As a workaround, se...

2.6CVSS4.1AI score0.00485EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/08/04 6:5 p.m.38 views

CVE-2023-38700 matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms

matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue. As a workaround, se...

3.5CVSS4.4AI score0.00485EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/08/04 5:26 p.m.42 views

matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms

Impact It was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Patches Please upgrade to 1.0.1. Workarounds You can set the matrixHandler.eventCacheSize config value to 0 to workaround this...

3.7CVSS6.4AI score0.00485EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/08/04 5:26 p.m.19 views

GHSA-C7HH-3V6C-FJ4Q matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms

Impact It was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Patches Please upgrade to 1.0.1. Workarounds You can set the matrixHandler.eventCacheSize config value to 0 to workaround this...

3.5CVSS3.7AI score0.00485EPSS
Exploits0References5
OSV
OSV
added 2023/07/06 1:15 p.m.3 views

CVE-2022-48518

Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, whi...

5.5CVSS5.8AI score
Exploits0References2
CNNVD
CNNVD
added 2023/07/05 12:0 a.m.7 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which originates from a vulnerability in the system where the signature verification service is...

5.5CVSS5.8AI score0.00131EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2023/05/30 12:0 a.m.67 views

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: netfilter: use-after-free in nftables when processing batch requests can lead to privilege escalation CVE-2023-32233 For more details about the security issues, including the impact, a CV...

7.8CVSS7.2AI score0.12966EPSS
Exploits7References4
Malwarebytes
Malwarebytes
added 2023/04/05 6:0 a.m.17 views

9 vital criteria for effective endpoint security: Insights from the 'Endpoint Security Evaluation Guide' eBook

Endpoint security has never been more important, and with the increasing complexity of the security stack, choosing the right solution can be confusing. The good news is that there is a guide available to help organizations navigate this complex landscape: the "Endpoint Security Evaluation Guide"...

6.7AI score
Exploits0
Prion
Prion
added 2023/03/30 7:15 p.m.17 views

Design/Logic Flaw

Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is...

5CVSS7.6AI score0.00624EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2023/03/06 12:0 a.m.282 views

Android GKI Kernels Contain Broken Non-Upstream Speculative Page Faults MM Code

Android: GKI kernels contain broken non-upstream Speculative Page Faults MM code A central recurring theme in Linux MM development is that contention on the mmap lock can have a big negative performance impact on multithreaded workloads: If one thread is holding the mmap lock in exclusive mode fo...

0.7AI score0.00217EPSS
Exploits4
0day.today
0day.today
added 2023/03/06 12:0 a.m.463 views

Android GKI Kernels Contain Broken Non-Upstream Speculative Page Faults MM Code Exploit

Android GKI kernels contain broken non-upstream Speculative Page Faults MM code that can lead to multiple use-after-free conditions. Android: GKI kernels contain broken non-upstream Speculative Page Faults MM code A central recurring theme in Linux MM development is that contention on the mmap lo...

7.8CVSS8AI score0.00217EPSS
Exploits4
F5 Networks
F5 Networks
added 2023/02/21 7:0 p.m.31 views

K64124988: TMM IPv6 stack vulnerability CVE-2022-29479

Security Advisory Description When an IPv6 self IP address is configured and the ipv6.strictcompliance database key is enabled disabled by default on a BIG-IP system, undisclosed packets may cause decreased performance.CVE-2022-29479 Impact This vulnerability allows an unauthenticated attacker to...

5.3CVSS5.7AI score0.00854EPSS
Exploits0Affected Software14
F5 Networks
F5 Networks
added 2023/02/21 6:51 p.m.24 views

K52510343: ICMP PMTU messages are forwarded to the server side when the TCP proxy-mss setting is enabled in the associated profile

Security Advisory Description This issue occurs when all of the following conditions are met: Internet Control Message Protocol ICMP path maximum transmission unit PMTU messages are forwarded through the BIG-IP system running on the affected versions. OneConnect or SNAT is configured and actively...

6.8AI score
Exploits0
Citrix
Citrix
added 2023/02/20 12:0 a.m.8 views

Odd number CPU shows 100% CPU Utilization after disabling Hyperthreading.

After disabling the hyper-threading, the odd number CPU, example CPU 1,3,5 etc.. consistently shows 100% CPU utilization, the even number CPU is normal...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2022/11/15 11:55 a.m.4 views

kernel: remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region

A flaw was found in the qcomq6v5mss module in the Linux kernel. A memory leak can occur when allocated memory is not released in certain error cases, potentially impacting system performance and resulting in a denial of service...

5.5CVSS6.6AI score0.00252EPSS
Exploits0References5
Rows per page
Query Builder