Lucene search

8 matches found

AstraLinux
added 2026/05/03 11:59 p.m. · 5 views

Astra Linux - vulnerability in thunderbird

The Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker who cooperated with a malicious home server could interfere with the verification process between two users, substituting their own cross-signed user identity wi...

8.6 CVSS · 7 AI score · 0.00294 EPSS
Exploits 0 · References 1
Github Security Blog
added 2026/04/08 12:8 a.m. · 3 views

WWBN AVideo has a Live restream log callback flow enabling stored SSRF to internal services

Summary: The Live restream log callback flow accepted an attacker-controlled restreamerURL and later fetched that stored URL server-side, enabling stored SSRF for authenticated streamers. The vulnerable flow allowed a low-privilege user with streaming permission to store an arbitrary callback URL...

6.5 CVSS · 6 AI score · 0.00036 EPSS
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2026/03/13 9:12 p.m. · 1 views

CVE-2026-32616 Pigeon has a Host Header Injection in email verification flow

Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $_SERVER['HTTP_HOST'] without validation to construct email verification URLs in the register and resendmail flows. An attacker can manipulate the Host header in the HTTP request, causing the verification lin...

8.2 CVSS · 5.8 AI score · 0.00044 EPSS
Exploits 0 · References 2
OSV
added 2024/12/11 6:42 p.m. · 6 views

GHSA-HHFG-FWRW-87W7 sigstore has insufficient validation of integration timestamp during verification

Summary: Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verification flow: the "integration time" is verified if a source of signed time such as an inclusion promise is present, b...

6.9 CVSS · 6.2 AI score · 0.00096 EPSS
Exploits 0 · References 5
Cvelist
added 2024/12/10 11:6 p.m. · 11 views

CVE-2024-55655 sigstore-python has insufficient validation of integration timestamp during verification

sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verification flow: the "integration time" is...

6.9 CVSS · 0.00096 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/12/10 12:0 a.m. · 2 views

PT-2024-36570 · Unknown · Sigstore-Python

Name of the Vulnerable Software and Affected Versions: sigstore-python versions 2.0.0 through 3.6.0
Description: The issue concerns insufficient validation of the "integration time" in "v2" and "v3" bundles during the verification flow. This affects versions of sigstore-python newer than 2.0.0 bu...

6.9 CVSS · 6.7 AI score · 0.00096 EPSS
Exploits 0 · References 10
OSV
added 2022/09/30 10:46 p.m. · 19 views

GHSA-5W8R-8PGJ-5JMF matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification

Impact: An attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identities, leading to the other device trusting/verifying the user identity under the control of th...

8.6 CVSS · 8.1 AI score · 0.00294 EPSS
Exploits 0 · References 7
NVD
added 2022/09/29 1:15 p.m. · 11 views

CVE-2022-39250

Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...

8.6 CVSS · 0.00294 EPSS
Exploits 0 · References 5