1885 matches found
CVE-2021-21392
Synapse (matrix-synapse) prior to version 1.28.0 is affected by a vulnerability where requests to user-provided domains could escape external IP restrictions on dual-stack networks due to transitional IPv6 addresses. This may allow outbound requests to internal infrastructure during federation, i...
CVE-2021-21392 Open redirect via transitional IPv6 addresses on dual-stack networks
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...
CVE-2021-21392
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...
CVE-2021-21393
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party...
Input validation
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party...
CVE-2021-21394 Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party...
CVE-2021-21394
CVE-2021-21394 affects the Matrix Synapse reference homeserver (Python, matrix-synapse) prior to version 1.28.0. The issue is invalid input validation on endpoints used to confirm third-party identifiers, which could cause excessive disk space and memory usage leading to resource exhaustion. The ...
CVE-2021-21394
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party...
CVE-2021-25158
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant...
CVE-2021-25157
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba...
CVE-2019-5319
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Insta...
CVE-2021-25161
A remote cross-site scripting xss vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below;...
CVE-2021-25159
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below...
CVE-2021-25160
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below...
CVE-2021-25156
A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below;...
CVE-2021-25162
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and...
CVE-2021-25156
A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below;...
CVE-2021-25159
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below...
CVE-2021-25157
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba...
CVE-2021-25158
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant...