This can lead to a denial of service in which future events will not be correctly sent to other servers over federation. send_leave, /invite or /exchange_third_party_invite request. Into a room by specifying a different room id in the path of a /send_join, CVE-2020-27828 py-matrix-synapse - DoS on Federation API py36-matrix-synapse py37-matrix-synapse py38-matrix-synapse py39-matrix-synapse 1.23.1 A malicious or poorly-implemented homeserver can inject malformed events This vulnerability, was fixed in Vault 1.6.1 and 1.5.6. An external party reported that they were able to enumerate LDAP users via error messages returned by Vault’s LDAP auth method CVE-2020-35177 jasper - heap overflow vulnerability jasper 2.0.23 Fix CVE-2020-27828, heap-overflow in cp_create() in jpc_enc.c. Vault allowed enumeration of users via the LDAP auth method. Leading to a crash or possibly arbitrary code execution by sending crafted queries with a GSS-TSIG signature. Sending crafted queries with a GSS-TSIG signature. A remote, unauthenticated attacker might be able to cause a double-free, Leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature. A remote, unauthenticated attacker can cause a denial of service by CVE-2020-35573 powerdns - Various issues in GSS-TSIG support powerdns 4.4.0 A remote, unauthenticated attacker can trigger a race condition PostSRSd could be tricked into consuming a lot of CPU time with an SRS address that has an excessively long time stamp tag.
postsrsd - Denial of service vulnerability postsrsd 1.10 Message is received that has a History-Info header, which AST-2020-004: A crash can occur in Asterisk when a SIP 181 response is received that has a Diversion header, Intel CPUs suffer Special Register Buffer Data Sampling vulnerability CVE-2020-0543 asterisk - Remote crash in res_pjsip_diversion asterisk13 13.38.1 asterisk16 16.15.1 asterisk18 18.1.1 AST-2020-003: A crash can occur in Asterisk when a SIP Vulnerability can be used by any user who is -lined to remotely crash an InspIRCd server. When combined with a HTTP reverse proxy this The websocket module before v3.8.1 contains a double free ports/252310 InspIRCd websocket module double free vulnerability inspircd 3.8.1 The Gitea Team reports for release 1.13.1: Gitea - multiple vulnerabilities gitea 1.13.1 + due to earlier MIME parsing changes for CVE-2020-12100. + message/rfc822 (or if parent was multipart/digest). Mail delivery / parsing crashed when the 10 000th MIME part was + The attacker must have valid credentials to access the + emails using specially crafted command. + discover file system directory structure and access other users' When imap hibernation is active, an attacker can cause Dovecot to