341 matches found
UBUNTU-CVE-2023-45129
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which...
Design/Logic Flaw
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which...
CVE-2023-45129
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which...
CVE-2023-45129
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which...
CVE-2023-45129 matrix-synapse vulnerable to denial of service due to malicious server ACL events
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which...
CVE-2023-45129 matrix-synapse vulnerable to denial of service due to malicious server ACL events
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which...
CVE-2023-45129
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which...
Missing Authorization Checks
matrixsynapse is vulnerable to Improper Authentication. The vulnerability is due to the completelogin function as It fails to verify the deactivated status of users during login. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the jwtconfig.enabled...
ZrLog Directory Traversal Vulnerability
ZrLog is a blogging system developed using the Java language. A directory traversal vulnerability exists in ZrLog version 2.1.15, which stems from a lack of validity checking of paths in the admin.api.TemplateController deletion function when processing directory requests, and can be exploited by...
CVE-2020-27514
Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service DoS...
Authorization Bypass
matrix-synapse is vulnerable to Authorization Bypass. The vulnerability exists because it does not properly validate the deactivated status of users during login time. which allows a user to login even if there account is deactivated. Note that this vulnerability only applies if JSON Web Tokens a...
CVE-2023-32682
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...
Design/Logic Flaw
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...
CVE-2023-32682
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...
PYSEC-2023-84
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...
CVE-2023-32682
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...
GHSA-26C5-PPR8-F33P Synapse has improper checks for deactivated users during login
Impact It may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: JSON Web Tokens are enabled for login via the jwtconfig.enabled configuration setting The local password database is enabled via the...
Synapse has improper checks for deactivated users during login
Impact It may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: JSON Web Tokens are enabled for login via the jwtconfig.enabled configuration setting The local password database is enabled via the...
PT-2023-17114 · Zhong Bang · Crmeb
Name of the Vulnerable Software and Affected Versions: Zhong Bang CRMEB Java versions up to 1.3.4 Description: A critical issue affects the function getAdminList of the file "/api/admin/store/product/list". The manipulation of the argument cateId leads to sql injection. The attack can be initiate...
PT-2023-16986 · Meizhou Qingyunke · Qykcms
Name of the Vulnerable Software and Affected Versions: Meizhou Qingyunke QYKCMS version 4.3.0 Description: A vulnerability was found in the Update Handler component of Meizhou Qingyunke QYKCMS, affecting an unknown part of the file /admin system/api.php. The manipulation of the downurl argument...