
3662 matches found

UbuntuCve
added 2021/02/26 6:15 p.m., 26 views

CVE-2021-21274

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead t...

CVSS 6.5, AI score 6.6, EPSS 0.02164
Exploits: 0, References: 5
vulnersOsv
added 2021/02/26 6:15 p.m., 3 views

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2021-21273 via matrix-synapse (>=0.33.9 <=1.153.0)

matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-21273 Source advisory: OSV:PYSEC-2021-131...

CVSS 6.1, AI score 6.3, EPSS 0.01809
Exploits: 0
Prion
added 2021/02/26 6:15 p.m., 29 views

Code injection

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead t...

CVSS 4.3, AI score 6.5, EPSS 0.02164
Exploits: 0, References: 5, Affected Software: 2
UbuntuCve
added 2021/02/26 6:15 p.m., 23 views

CVE-2021-21273

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...

CVSS 6.1, AI score 6.4, EPSS 0.01809
Exploits: 0, References: 5
PyPA
added 2021/02/26 6:15 p.m., 5 views

PYSEC-2021-131

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...

CVSS 6.1, AI score 6.7, EPSS 0.01809
Exploits: 0, References: 4, Affected Software: 1
Prion
added 2021/02/26 6:15 p.m., 21 views

Cross site request forgery (csrf)

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...

CVSS 5.8, AI score 6.3, EPSS 0.01809
Exploits: 0, References: 5, Affected Software: 2
vulnersOsv
added 2021/02/26 6:15 p.m., 3 views

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +5 more potentially affected by CVE-2021-21274 via matrix-synapse (=1.153.0)

matrix-synapse PYPI version =1.153.0 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - matrix-server-isenguard =0.1.1, =0.1.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-21274 Source advisory:...

CVSS 6.5, AI score 6.5, EPSS 0.02164
Exploits: 0
OSV
added 2021/02/26 6:15 p.m., 25 views

PYSEC-2021-131

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...

CVSS 6.1, AI score 1.7, EPSS 0.01809
Exploits: 0, References: 4
OSV
added 2021/02/26 6:15 p.m., 1 views

UBUNTU-CVE-2021-21274

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead t...

CVSS 6.5, AI score 5.8, EPSS 0.02164
Exploits: 0, References: 6
OSV
added 2021/02/26 6:15 p.m., 28 views

PYSEC-2021-132

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead t...

CVSS 6.5, AI score 2.2, EPSS 0.02164
Exploits: 0, References: 4
vulnersOsv
added 2021/02/26 5:28 p.m., 4 views

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2021-21273 via matrix-synapse (>=0.33.9 <=1.153.0)

matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-21273 Source advisory: OSV:GHSA-V936-J8GP-9Q3P...

CVSS 6.1, AI score 6.3, EPSS 0.01809
Exploits: 0
CVE
added 2021/02/26 5:25 p.m., 226 views

CVE-2021-21273

Synapse (matrix-synapse, Python/pypi) contains a vulnerability in versions before 1.25.0 where requests to user-provided domains were not restricted to external IPs when computing the key validity for third-party invite events and push notifications. This could allow requests to internal infrastr...

CVSS 6.1, AI score 5.2, EPSS 0.01809
Exploits: 0, References: 5, Affected Software: 1
Debian CVE
added 2021/02/26 5:25 p.m., 30 views

CVE-2021-21273

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...

CVSS 6.1, AI score 6.1, EPSS 0.01809
Exploits: 0
CVE
added 2021/02/26 5:25 p.m., 112 views

CVE-2021-21274

CVE-2021-21274 affects Synapse (matrix-synapse) prior to version 1.25.0. A malicious homeserver could abuse .well-known redirection to a large file, causing denial of service by consuming significant resources on federated requests from untrusted servers. The issue is resolved in Synapse 1.25.0. ...

CVSS 6.5, AI score 5.4, EPSS 0.02164
Exploits: 0, References: 5, Affected Software: 1
Debian CVE
added 2021/02/26 5:25 p.m., 24 views

CVE-2021-21274

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead t...

CVSS 6.5, AI score 6.3, EPSS 0.02164
Exploits: 0
CNNVD
added 2021/02/26 12:0 a.m., 4 views

Matrix Synapse Resource Management Error Vulnerability

Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. A denial of service vulnerability exists in Synapse versions prior to 1.25.0, which stems from a malicious homeserver that redirects requests to a large file, which could lead to a denial of service...

CVSS 6.5, AI score 6.6, EPSS 0.02164
Exploits: 0, References: 6
CNNVD
added 2021/02/26 12:0 a.m., 5 views

Matrix Synapse Input Validation Error Vulnerability

Matrix Synapse is an implementation of a matrix management server from the Matrix Foundation in the UK. A security vulnerability exists in Synapse that stems from a request to a user-provided domain being unrestricted by an external IP address when calculating key validity for third-party...

CVSS 6.1, AI score 6.4, EPSS 0.01809
Exploits: 0, References: 6
OSV
added 2021/01/26 6:16 p.m., 3 views

CVE-2021-25906

An issue was discovered in the basicdspmatrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed...

CVSS 7.5, AI score 7.1
Exploits: 0, References: 1
CNNVD
added 2021/01/26 12:0 a.m., 6 views

Rust Security Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability existed in Rust prior to version 0.9.2. The vulnerability stems from an issue found in the program basicdspmatrix, which can perform two delete operations. No details of the vulnerabilit...

CVSS 7.5, AI score 7.1, EPSS 0.01327
Exploits: 1, References: 2
CVE
added 2021/01/20 5:50 p.m., 42 views

CVE-2021-21269

CVE-2021-21269 affects Keymaker (a Mastodon Community Finder based Matrix serverlist page). Before v0.2.0, the assets endpoint did not validate the requested extension, and the Rust join call on user input allowed a Path Traversal, enabling reading of files beyond the intended directory. This cou...

CVSS 7.7, AI score 6.4, EPSS 0.01392
Exploits: 0, References: 2, Affected Software: 1