27 matches found
EUVD-2024-3300
Malicious code in bioql PyPI...
CVE-2022-36009
gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the "events_default" key of the m.room.power_levels event, defaulting the event default...
BIT-MOODLE-2024-43433 Moodle: matrix user/power level management not always working as expected with suspended users
A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users...
Improper Authorization
Moodle is vulnerable to improper authorization. The vulnerability is due to incorrect handling of Matrix room membership and power levels due to suspended Moodle users not being properly revoked, and attackers can use this to retain unauthorized access and elevated privileges in Matrix rooms even...
GHSA-Q99X-MJMH-V8W7 Moodle's user/power level management inconsistent with suspended users
A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users...
CVE-2024-43433
A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users...
CVE-2024-43433
A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users...
UBUNTU-CVE-2024-43433
A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users...
Improper Authentication
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Improper Authentication due to the incorrect application and revocation of matrix room membership and power levels for suspended users. Remediation: Upgrade moodle/moodle to version 4.4.2, 4.3.6 or...
CVE-2024-43433 Moodle: matrix user/power level management not always working as expected with suspended users
A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users...
CVE-2023-3259
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rogue database. Successful exploitation allows the...
GHSA-GRVV-H2F9-7V9C gomatrixserverlib and Dendrite vulnerable to incorrect parsing of the event default power level in event auth
Impact: The power level parsing within gomatrixserverlib was failing to parse the "events_default" key of the m.room.power_levels event, defaulting the event default power level to zero in all cases. In rooms where the "events_default" power level had been changed, this could result in events either...
GO-2022-0952 Incorrect event parsing in github.com/matrix-org/gomatrixserverlib
Power level parsing does not parse the "events_default" key of the m.room.power_levels event, setting the event default power level to zero in all cases. This can cause events to be improperly accepted or rejected in rooms where the events_default power level has been changed...
Authorization Bypass
github.com/matrix-org/dendrite is vulnerable to authorization bypass. The vulnerability exists in the events_default level in m.room.power_levels events of eventcontent.go when defaulting the event default power level to zero in all cases, resulting in events either being incorrectly authorized or...
CVE-2022-36009
gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the "events_default" key of the m.room.power_levels event, defaulting the event default...
Design/Logic Flaw
gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the "events_default" key of the m.room.power_levels event, defaulting the event default...
CVE-2022-36009
CVE-2022-36009 affects gomatrixserverlib (Matrix federation library) and the Dendrite server. The root cause was incorrect parsing of the m.room.power_levels events_default field, which could cause events to be improperly authorized or rejected in rooms where events_default had been changed. A fi...
CVE-2022-36009 Incorrect parsing of access level in gomatrixserverlib and dendrite
gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the "events_default" key of the m.room.power_levels event, defaulting the event default...
GHSA-CH5V-FHG8-7GV9 Matrix Synapse Authorization Error
In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force...
Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...