15 matches found
EUVD-2022-5320
Malicious code in bioql PyPI...
CVE-2023-32060
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Category Option Combination Sharing settings are configured to control access to specific tracker...
CVE-2024-39691
CVE-2024-39691 affects matrix-appservice-irc, a Node.js IRC bridge for Matrix. Before version 2.0.1, the bridge used the Matrix homeserver-provided timestamp (origin_server_ts) to decide if a user could see the event being replied to. A malicious homeserver could fabricate this timestamp, causing...
CVE-2023-32060 DHIS2 Core Improper Access Control with Category Option Combination sharing in /api/trackedEntityInstance and /api/events
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Category Option Combination Sharing settings are configured to control access to specific tracker...
SUSE CVE-2018-12291
The ongetmissingevents function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly...
Matrix Synapse Security Filtering Flaw
The ongetmissingevents function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly...
The best test for an EDR solution is one that works for you
Since its inception, the endpoint detection and response EDR market has evolved rapidly with new innovations to better address the cyber landscape and meet customers’ needs for an effective and simple solution that just works. But finding something that just works means something quite different...
Nextcloud: Event privacy level does not work in Thunderbird
Events in shared calendar with changed privacy level to any other than public are shown in Thunderbird as public anyway with all details How to reproduce: 1 - create an event in user A's calendar shared to user B 2 - change privacy setting of this event to any other than public 3 - open Thunderbi...
Design/Logic Flaw
The ongetmissingevents function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly...
UBUNTU-CVE-2018-12291
The ongetmissingevents function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly...
CVE-2018-12291
The ongetmissingevents function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly...
DEBIAN-CVE-2018-12291
The ongetmissingevents function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly...
CVE-2018-12291
The ongetmissingevents function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly...
CVE-2018-12291
The ongetmissingevents function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly...
CVE-2018-12291
Summary: Matrix Synapse before 0.31.1 has a bug in on_get_missing_events ( federation.py ) where event visibility rules were not applied correctly in get_missing_events, potentially exposing incorrect events. Impact: as described in multiple advisories; CVE-2018-12291. Remediation: upgrade to Syn...