13 matches found
n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
Impact A symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the ability to create symlinks—such as by using the...
SUSE CVE-2024-37302
Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can le...
GHSA-GJGR-7834-RHXR Synapse's unauthenticated writes to the media repository allow planting of problematic content
Impact Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticate...
PYSEC-2024-287
Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...
PYSEC-2024-286
Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can le...
PYSEC-2024-286
Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can le...
CVE-2024-37303
Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...
CVE-2024-37302
Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can le...
PT-2024-27461 · Matrix · Synapse
Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.106 Description: Synapse, an open-source Matrix homeserver, allows unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. This...
Element Synapse 安全漏洞
Element Synapse is an open source Matrix home server implementation from Element Open Source. A security vulnerability exists in Element Synapse versions prior to 1.106, which stems from vulnerability to a disk stuffing attack, where an unauthenticated attacker can trick Synapse into downloading...
Element Synapse 安全漏洞
Element Synapse is an open source Matrix Home Server implementation from Element Open Source. A security vulnerability exists in Element Synapse versions prior to 1.106 that stems from allowing an unauthenticated remote participant to trigger a remote media download and cache it to a local media...
PT-2024-27460 · Matrix · Synapse
Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.106 Description: Synapse is an open-source Matrix homeserver. The issue allows an unauthenticated adversary to induce Synapse to download and cache large amounts of remote media, leading to a denial of service. Thi...
CVE-2015-4252
Cross-site request forgery CSRF vulnerability on Cisco TelePresence ISDN Gateway devices with software 2.21.106 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90724...