5458 matches found
CVE-2024-42347
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...
CVE-2024-42347 URL preview setting for a room is controllable by the homeserver in matrix-react-sdk
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...
CVE-2024-42347 URL preview setting for a room is controllable by the homeserver in matrix-react-sdk
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...
GHSA-F83W-WQHC-CFP4 Matrix SDK for React's URL preview setting for a room is controllable by the homeserver
Impact A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. Even if the CVSS score would be 4.1 AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N the...
Matrix SDK for React's URL preview setting for a room is controllable by the homeserver
Impact A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. Even if the CVSS score would be 4.1 AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N the...
New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication
Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature called Background Intelligent Transfer Service BITS as a command-and-control C2 mechanism. The newly identified malware strain has been codenamed BITSLOTH by Elastic Security Lab...
The vulnerability of the SSH service on the SmartOS operating system, specifically the AdTran SRG 834-5 Wi-Fi routers, allows a hacker to execute arbitrary operating system commands.
The vulnerability of the SSH service on the SmartOS Wi-Fi router AdTran SRG 834-5 is related to the use of strictly encrypted login credentials. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the operating system...
The vulnerability of the software for managing and optimizing Cisco Intelligent Node (iNode) networks stems from the use of a hard-crypted cryptographic key. This allows attackers to carry out “man-in-the-middle” attacks.
The vulnerability of Cisco Intelligent Node iNode management and optimization software is related to the use of a rigidly encrypted cryptographic key. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information by...
RLSA-2024:4617 Important: qt5-qtbase security update
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fixes: qtbase: qtbase: Delay any communication until encrypted can be responded to CVE-2024-39936 For more details about the security issues,...
New Chrome Feature Scans Password-Protected Files for Malicious Content
Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser. "We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informe...
kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability
A flaw was found in KVM AMD Secure Encrypted Virtualization SEV in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler multiple time...
The vulnerability of the SEV-SNP and SEV-ES mechanisms in Linux operating systems allows attackers to compromise the confidentiality and integrity of protected information.
The vulnerability of the SEV-SNP and SEV-ES mechanisms in Linux operating systems stems from incorrect neutralization of special elements in the output data used by the incoming component. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of the...
Important: Red Hat Security Advisory: qt5-qtbase security update
An update for qt5-qtbase is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: qt5-qtbase security update
An update for qt5-qtbase is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update a...
Important: Red Hat Security Advisory: qt5-qtbase security update
An update for qt5-qtbase is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
qt5-qtbase security update
5.15.9-10 - HTTP2: Delay any communication until encrypted can be responded to Resolves: RHEL-46348...
ALSA-2024:4623 Important: qt5-qtbase security update
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fixes: qtbase: qtbase: Delay any communication until encrypted can be responded to CVE-2024-39936 For more details about the security issues,...
RHEL 7 : qt5-qtbase (RHSA-2024:4647)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4647 advisory. Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security...
ALSA-2024:4617 Important: qt5-qtbase security update
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fixes: qtbase: qtbase: Delay any communication until encrypted can be responded to CVE-2024-39936 For more details about the security issues,...
hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine memory integrity problem
A flaw was found in some of AMD CPU's due to improper or unexpected behavior of the INVD. This issue may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU, potentially leading to a loss of guest virtual machine VM memory integrity...