13 matches found
Incorrect Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Incorrect Authorization in the ydoc:document:update handler. An attacker can inject, modify, or delete content in collaborative documents by emitting crafted Socket.IO events after joining a document room wit...
SUSE CVE-2024-31208
Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate...
PYSEC-2024-50
Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate...
matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms
Impact It was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Patches Please upgrade to 1.0.1. Workarounds You can set the matrixHandler.eventCacheSize config value to 0 to workaround this...
GHSA-C7HH-3V6C-FJ4Q matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms
Impact It was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Patches Please upgrade to 1.0.1. Workarounds You can set the matrixHandler.eventCacheSize config value to 0 to workaround this...
Elasticsearch Logstash allows remote attackers to execute arbitrary commands
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in 1 zabbix.rb or 2 nagiosnsca.rb in outputs/...
GHSA-8QHQ-RQ4J-8PRJ Elasticsearch Logstash allows remote attackers to execute arbitrary commands
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in 1 zabbix.rb or 2 nagiosnsca.rb in outputs/...
Elasticsearch Logstash allows remote attackers to execute arbitrary commands
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in 1 zabbix.rb or 2 nagiosnsca.rb in outputs/...
Elasticsearch Logstash allows remote attackers to execute arbitrary commands
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in 1 zabbix.rb or 2 nagiosnsca.rb in outputs/...
Logstash ESA-2014-02
Logstash 1.4.1 and prior, when configured to use the Zabbix or Nagios outputs, allows an attacker with access to send crafted events to Logstash inputs to cause Logstash to execute OS commands. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid119461; scriptversion"1.2"...
UBUNTU-CVE-2018-10657
Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federationbase.py and handlers/message.py, as exploited in the wild in April 2018...
VulnCheck KEV: CVE-2018-10657
Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federationbase.py and handlers/message.py, as exploited in the wild in April 2018...
CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs.
Vendor: Elasticsearch Product: Logstash CVE: CVE-2014-4326 Affected versions: Logstash 1.0.14 through 1.4.1 Recommendations: All affected users should upgrade to Logstash 1.4.2. We also provide patch instructions for Logstash 1.3.x at the bottom of this note. The vulnerability impacts deployments...