CVE-2018-10657
https://notcve.org/view.php?id=CVE-2018-10657
Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018. • https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1 • CWE-20: Improper Input Validation
CVE-2017-17636 – MLM Forced Matrix 2.0.9 - 'newid' SQL Injection
https://notcve.org/view.php?id=CVE-2017-17636
MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter. • https://www.exploit-db.com/exploits/43307 https://packetstormsecurity.com/files/145348/MLM-Forced-Matrix-2.0.9-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-2307
https://notcve.org/view.php?id=CVE-2016-2307
American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application allow remote attackers to read arbitrary files via unspecified vectors, as demonstrated by the configuration file. • https://ics-cert.us-cert.gov/advisories/ICSA-16-273-01-0 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2308
https://notcve.org/view.php?id=CVE-2016-2308
American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application store passwords in cleartext, which allows remote attackers to obtain sensitive information by reading a file. • https://ics-cert.us-cert.gov/advisories/ICSA-16-273-01-0
CVE-2015-5494
https://notcve.org/view.php?id=CVE-2015-5494
Cross-site scripting (XSS) vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. • http://www.openwall.com/lists/oss-security/2015/07/04/4 https://www.drupal.org/node/2442741 https://www.drupal.org/node/2484231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')