46 matches found
CVE-2022-31134
Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a "public data" export. While this export is only accessible to administrators, in many...
EUVD-2021-0131
Malware in sbrugna...
EUVD-2024-29051
Malicious code in bioql PyPI...
CVE-2024-31140
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools...
Grafana -- User deletion issue
Grafana Labs reports: On April 15, we discovered a vulnerability that stems from the user deletion logic associated with organization administrators. An organization admin could remove any user from the specific organization they manage. Additionally, they have the power to delete users entirely...
py-matrix-synapse -- multiple vulnerabilities in versions prior to 1.120.1
element-hq/synapse developers report: The 1.120.1 release fixes multiple security vulnerabilities, some affecting all prior versions of Synapse. Server administrators are encouraged to update Synapse as soon as possible. We are not aware of these vulnerabilities being exploited in the wild...
May 14, 2024—KB5037781 (OS Build 25398.887)
May 14, 2024—KB5037781 OS Build 25398.887 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...
CVE-2024-31208
Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate...
CVE-2024-31208
Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate...
CVE-2024-31208
Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate...
CVE-2024-31208 Synapse's V2 state resolution weakness allows DoS from remote room members
Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate...
CVE-2024-31140
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools...
CVE-2024-31140
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools...
CVE-2024-31140
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools...
CVE-2023-45129
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which...
Design/Logic Flaw
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which...
PYSEC-2023-199
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which...
CVE-2023-45129 matrix-synapse vulnerable to denial of service due to malicious server ACL events
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which...
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators
A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that...
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators
A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that...