170 matches found
CVE-2023-32689
Parse Server (Node.js) versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing-style flaw where a user can upload an HTML file via the public API, making that HTML accessible under the hosting domain for phishing use. The vulnerability is compounded by the Parse JavaScript SDK, which store...
DEBIAN-CVE-2023-29529
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker...
UBUNTU-CVE-2023-29529
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker...
@eweser/db (>=1.4.1 <=1.6.2), @medicaa/trustie (>=0.0.1 <=0.0.3) +36 more potentially affected by CVE-2023-29529 via matrix-js-sdk (>=0.0.4 <=24.1.0-rc.1)
matrix-js-sdk NPM version =0.0.4, =1.4.1, =0.0.1, =0.17.0, =4.0.1, =1.2.0, =1.1.0, =0.1.6, =0.1.11, =0.1.0, =0.0.1, =0.11.1-7, =1.6.0, =1.0.33, =1.1.5 and more Source cves: CVE-2023-29529 Source advisory: OSV:GHSA-6G67-Q39G-R79Q...
Malicious code in @12build/segment-js-sdk (npm)
Source: ghsa-malware (856e63ff9eebaf0c3443eeee789588cf844ca28e1810394d67c01e5f5a4aa601). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@eweser/db (>=1.4.1 <=1.6.2), @medicaa/trustie (>=0.0.1 <=0.0.3) +36 more potentially affected by CVE-2023-28427 via matrix-js-sdk (>=0.0.4 <=23.5.0)
matrix-js-sdk NPM version =0.0.4, =1.4.1, =0.0.1, =0.17.0, =4.0.1, =1.2.0, =1.1.0, =0.1.6, =0.1.11, =0.1.0, =0.0.1, =0.11.1-7, =1.6.0, =1.0.33, =1.1.5 and more Source cves: CVE-2023-28427 Source advisory: OSV:GHSA-MWQ8-FJPF-C2GR...
DEBIAN-CVE-2023-28427
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
@medicaa/trustie (>=0.0.1 <=0.0.3), @rocket.chat/forked-matrix-appservice-bridge (>=4.0.1 <=4.0.2) +24 more potentially affected by CVE-2022-36059 via matrix-js-sdk (>=0.0.4 <=19.4.0-rc.1)
matrix-js-sdk NPM version =0.0.4, =0.0.1, =4.0.1, =1.2.0, =1.1.0, =0.1.6, =0.1.11, =0.0.1, =1.6.0, =1.0.33, =0.0.2, =0.1.0, =0.1.0, =0.0.1, =1.0.1, =1.0.3 and more Source cves: CVE-2022-36059 Source advisory: OSV:GHSA-RFV9-X7HH-XC32...
SUSE CVE-2022-36059
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
CVE-2023-23925
Switcher Client is a JavaScript SDK to work with Switcher API, which is a cloud-based Feature Flag. Unsanitized input flows into the Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular Expression Denial of Service (ReDoS) attack. This issue has been...
Design/Logic Flaw
Switcher Client is a JavaScript SDK to work with Switcher API, which is a cloud-based Feature Flag. Unsanitized input flows into the Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular Expression Denial of Service (ReDoS) attack. This issue has been...
CVE-2023-23925 Switcher Client contains Regular Expression Denial of Service (ReDoS)
Switcher Client is a JavaScript SDK to work with Switcher API, which is a cloud-based Feature Flag. Unsanitized input flows into the Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular Expression Denial of Service (ReDoS) attack. This issue has been...
Fedora 35 : thunderbird (2022-1454bee2fa)
The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-1454bee2fa advisory. Update to 102.3.1 https://www.mozilla.org/en-US/security/advisories/mfsa2022-43/ https://www.thunderbird.net/en-US/thunderbird/102.3.1/releasenotes/ ----...
Fedora 36 : thunderbird (2022-df4ffc6551)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-df4ffc6551 advisory. Update to 102.3.1 https://www.mozilla.org/en-US/security/advisories/mfsa2022-43/ https://www.thunderbird.net/en-US/thunderbird/102.3.1/releasenotes/ Tenable...
Rocky Linux 8 : thunderbird (RLSA-2022:7190)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7190 advisory. - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-5724-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5724-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...
GLSA-202210-35 : Mozilla Thunderbird: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202210-35 Mozilla Thunderbird: Multiple Vulnerabilities - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the...
SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2022:3800-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3800-1 advisory. - When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine ...
Oracle Linux 8 : thunderbird (ELSA-2022-7190)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-7190 advisory. 102.4.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.4.0-1 - Update to 102.4.0 build1 Tenable has...
AlmaLinux 9 : thunderbird (ALSA-2022:7178)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:7178 advisory. - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or...