Lucene search
+L

15 matches found

OpenVAS
OpenVAS
added 2024/12/23 12:0 a.m.7 views

Mageia: Security Advisory (MGASA-2024-0395)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS7.5AI score0.00835EPSS
Exploits0References5
OSV
OSV
added 2024/12/21 8:16 p.m.10 views

MGASA-2024-0395 Updated thunderbird packages fix security vulnerability

Matrix-js-sdk has insufficient MXC URI validation which could allow client-side path traversal. CVE-2024-50336...

5.3CVSS7.5AI score0.00835EPSS
Exploits0References4
Mageia
Mageia
added 2024/12/21 8:16 p.m.20 views

Updated thunderbird packages fix security vulnerability

Matrix-js-sdk has insufficient MXC URI validation which could allow client-side path traversal. CVE-2024-50336...

5.3CVSS6.9AI score0.00835EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2024/12/17 12:0 a.m.4 views

MozillaThunderbird-128.5.2-1.1 on GA media (moderate)

MozillaThunderbird-128.5.2-1.1 on GA media Announcement ID: openSUSE-SU-2024:14584-1 Rating: moderate Cross-References: CVE-2024-50336 CVSS scores: CVE-2024-50336 SUSE : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Affected Products: openSUSE Tumbleweed An update that solves one vulnerability...

4.3CVSS6.8AI score0.00835EPSS
Exploits0
OpenVAS
OpenVAS
added 2024/12/17 12:0 a.m.10 views

openSUSE Security Advisory (SUSE-SU-2024:4326-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS9.6AI score0.00835EPSS
Exploits0References4
OSV
OSV
added 2024/12/16 1:11 p.m.8 views

SUSE-SU-2024:4326-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - CVE-2024-50336: Fixed insufficient MXC URI validation which could allow client-side path traversal bsc1234413 Other fixes: - Updated to Mozilla Thunderbird 128.5.2i bsc1234413: fixed: Large virtual folders could be very slow fixed:...

5.3CVSS6.9AI score0.00835EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/12/13 12:21 a.m.3 views

SUSE CVE-2024-50336

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...

4.3CVSS8.9AI score0.00835EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2024/12/12 12:0 a.m.9 views

Slackware: Security Advisory (SSA:2024-346-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS6.5AI score0.00835EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.14 views

Mozilla Thunderbird < 128.5.2

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 128.5.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-69 advisory. - The Matrix specification demands homeservers to perform validation of the server-name and media-id components o...

5.3CVSS8.1AI score0.00835EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2024/11/12 7:54 p.m.9 views

@airgap/beacon-sdk (>=0.0.1 <=0.0.3-beta.9), @caelum-tech/lorena-matrix-client (>=1.3.0 <=2.1.2) +52 more potentially affected by CVE-2024-50336 via matrix-js-sdk (>=0.0.4 <=34.0.0)

matrix-js-sdk NPM version =0.0.4, =0.0.1, =1.3.0, =1.0.0, =2.0.0, =2.0.0-alpha.3, =2.0.0-alpha.1, =1.4.1, =0.0.1, =0.0.0-development, =0.17.0, =4.0.1, =1.2.0, =1.1.0, =1.8.0-beta.1 and more Source cves: CVE-2024-50336 Source advisory: OSV:GHSA-XVG8-M4X3-W6XR...

5.3CVSS7.2AI score0.00835EPSS
Exploits0
Circl
Circl
added 2024/11/12 6:53 p.m.3 views

CVE-2024-50336

creationtimestamp| type| source ---|---|--- 2024-11-12 18:53:50+00:00| seen| https://t.me/cvedetector/10665 2024-12-11 17:25:42+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113635355747091624...

5.3CVSS8.5AI score0.00835EPSS
Exploits0References2
NVD
NVD
added 2024/11/12 5:15 p.m.39 views

CVE-2024-50336

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...

5.3CVSS0.00835EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/12 4:38 p.m.12 views

CVE-2024-50336 matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...

5.3CVSS7AI score0.00835EPSS
Exploits0References2
CVE
CVE
added 2024/11/12 4:38 p.m.139 views

CVE-2024-50336

CVE-2024-50336 affects matrix-js-sdk up to version 34.11.0 and allows client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients to issue arbitrary authenticated GET requests to the user’s homeserver. The issue is fixed in matrix-js-sdk 34.11.1. Affected product:...

5.3CVSS6.5AI score0.00835EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/12 4:38 p.m.45 views

CVE-2024-50336 matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...

5.3CVSS0.00835EPSS
Exploits0References2
Rows per page
Query Builder