Lucene search
+L

46 matches found

RedHat Linux
RedHat Linux
added 2022/10/25 2:38 p.m.6 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators

A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that...

7.5CVSS7.3AI score0.0099EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/10/25 2:37 p.m.6 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators

A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that...

7.5CVSS7.3AI score0.0099EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/10/25 2:3 p.m.6 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators

A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that...

7.5CVSS7.3AI score0.0099EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/07/05 3:40 p.m.35 views

CVE-2022-34878 VICIDial 2.14b0.5 SVN 3550 was discovered to contain a SQL injection vulnerability at /vicidial/user_stats.php.

SQL Injection vulnerability in User Stats interface /vicidial/userstats.php of VICIdial via the filedownload parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and beco...

5.5CVSS9.1AI score0.03431EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2022/02/14 12:0 a.m.254 views

gitea -- password hash quality

The Gitea team reports: This PR refactors and improves the password hashing code within gitea and makes it possible for server administrators to set the password hashing parameters. In addition it takes the opportunity to adjust the settings for pbkdf2 in order to make the hashing a little...

1.7AI score
Exploits0References2
OSV
OSV
added 2021/11/23 9:58 p.m.36 views

GHSA-3HFW-X7GX-437C Path traversal in Matrix Synapse

Impact Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory, potentially outside the media store directory. The last two directories and file name of the path are chosen randomly by Synapse and cannot be...

8.7CVSS7.4AI score0.01514EPSS
Exploits0References8
OSV
OSV
added 2021/11/23 8:15 p.m.19 views

CVE-2021-41281

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...

7.5CVSS7.7AI score
Exploits0References5
AlpineLinux
AlpineLinux
added 2021/11/23 7:15 p.m.51 views

CVE-2021-41281

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...

7.5CVSS7.7AI score0.01514EPSS
Exploits0
OSV
OSV
added 2021/09/01 6:25 p.m.25 views

GHSA-JJ53-8FMW-F2W2 Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.

Impact Unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where: - the vulnerable homeserver is in the room; and - untrusted users are permitted to create groups communities. By defaul...

3.1CVSS3.6AI score0.00892EPSS
Exploits0References8
NVD
NVD
added 2021/08/31 5:15 p.m.25 views

CVE-2021-39164

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...

3.5CVSS0.01457EPSS
Exploits0References5
NVD
NVD
added 2021/08/31 4:15 p.m.17 views

CVE-2021-39163

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where the vulnerable...

3.5CVSS0.00892EPSS
Exploits0References5
Prion
Prion
added 2021/08/31 4:15 p.m.19 views

Design/Logic Flaw

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where the vulnerable...

3.5CVSS3.4AI score0.00892EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2021/08/31 4:15 p.m.27 views

PYSEC-2021-424

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where the vulnerable...

3.5CVSS1.5AI score0.00892EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2021/08/31 4:0 p.m.56 views

CVE-2021-39163

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where the vulnerable...

3.5CVSS3.9AI score0.00892EPSS
Exploits0
NVD
NVD
added 2021/02/26 6:15 p.m.32 views

CVE-2021-21273

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...

6.1CVSS0.01809EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2021/02/26 5:28 p.m.214 views

Open redirects on some federation and push requests

Impact Requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the...

6.1CVSS1.4AI score0.01809EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2021/02/26 5:25 p.m.38 views

CVE-2021-21273 Open redirects on some federation and push requests

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...

3.1CVSS6.7AI score0.01809EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2020/07/06 12:0 a.m.11 views

FreeBSD : py-matrix-synapse -- multiple vulnerabilities (d9f686f3-fde0-48dc-ab0a-01c2fe3e0529)

Matrix developers report : Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild. - A malicious homeserver could force Synapse to reset the state in a room to a small subset o...

5.4AI score
Exploits0References2
FreeBSD
FreeBSD
added 2020/07/02 12:0 a.m.18 views

py-matrix-synapse -- multiple vulnerabilities

Matrix developers report: Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild. A malicious homeserver could force Synapse to reset the state in a room to a small subset of t...

1.3AI score
Exploits0References1
The Hacker News
The Hacker News
added 2019/09/06 12:48 p.m.201 views

Exim TLS Flaw Opens Email Servers to Remote 'Root' Code Execution Attacks

A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers. Exim maintainers today released Exim version 4.92.2 after publishing an early warning two days...

10CVSS1AI score0.99961EPSS
Exploits28
Rows per page
Query Builder