Lucene search
+L

13 matches found

github
github
added 2025/08/20 7:9 p.m.16 views

n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

Impact A symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the ability to create symlinks—such as by using the...

6.5CVSS7.2AI score0.00445EPSS
Exploits0References5Affected Software1
susecve
susecve
added 2024/12/04 3:58 a.m.3 views

SUSE CVE-2024-37302

Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can le...

7.5CVSS7.1AI score0.00572EPSS
Exploits0References3
osv
osv
added 2024/12/03 6:40 p.m.11 views

GHSA-GJGR-7834-RHXR Synapse's unauthenticated writes to the media repository allow planting of problematic content

Impact Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticate...

6.9CVSS5.5AI score0.00419EPSS
Exploits0References5
osv
osv
added 2024/12/03 5:15 p.m.11 views

PYSEC-2024-287

Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...

5.3CVSS5.6AI score0.00419EPSS
Exploits0References2
pypa
pypa
added 2024/12/03 5:15 p.m.11 views

PYSEC-2024-286

Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can le...

7.5CVSS6.6AI score0.00572EPSS
Exploits0References1Affected Software1
osv
osv
added 2024/12/03 5:15 p.m.11 views

PYSEC-2024-286

Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can le...

7.5CVSS6.6AI score0.00572EPSS
Exploits0References1
debiancve
debiancve
added 2024/12/03 5:6 p.m.19 views

CVE-2024-37303

Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...

5.3CVSS6.1AI score0.00419EPSS
Exploits0
debiancve
debiancve
added 2024/12/03 5:4 p.m.23 views

CVE-2024-37302

Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can le...

7.5CVSS6.5AI score0.00572EPSS
Exploits0
ptsecurity
ptsecurity
added 2024/12/03 12:0 a.m.43 views

PT-2024-27461 · Matrix · Synapse

Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.106 Description: Synapse, an open-source Matrix homeserver, allows unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. This...

8.7CVSS6.6AI score0.00715EPSS
Exploits0References19
cnnvd
cnnvd
added 2024/12/03 12:0 a.m.5 views

Element Synapse 安全漏洞

Element Synapse is an open source Matrix home server implementation from Element Open Source. A security vulnerability exists in Element Synapse versions prior to 1.106, which stems from vulnerability to a disk stuffing attack, where an unauthenticated attacker can trick Synapse into downloading...

7.5CVSS6.4AI score0.00572EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/12/03 12:0 a.m.6 views

Element Synapse 安全漏洞

Element Synapse is an open source Matrix Home Server implementation from Element Open Source. A security vulnerability exists in Element Synapse versions prior to 1.106 that stems from allowing an unauthenticated remote participant to trigger a remote media download and cache it to a local media...

5.3CVSS6.3AI score0.00419EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2024/12/03 12:0 a.m.4 views

PT-2024-27460 · Matrix · Synapse

Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.106 Description: Synapse is an open-source Matrix homeserver. The issue allows an unauthenticated adversary to induce Synapse to download and cache large amounts of remote media, leading to a denial of service. Thi...

8.7CVSS6.7AI score0.00715EPSS
Exploits0References19
nvd
nvd
added 2015/07/10 12:59 a.m.15 views

CVE-2015-4252

Cross-site request forgery CSRF vulnerability on Cisco TelePresence ISDN Gateway devices with software 2.21.106 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90724...

6.8CVSS7.3AI score0.00996EPSS
Exploits0References2
Rows per page
Query Builder