CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3660 matches found

ArchLinux•added 2020/11/26 12:0 a.m.•133 views

[ASA-202011-23] matrix-synapse: denial of service

Arch Linux Security Advisory ASA-202011-23 ========================================== Severity: High Date : 2020-11-26 CVE-ID : CVE-2020-26890 Package : matrix-synapse Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1296 Summary ======= The package matrix-synapse...

7.5CVSS3.2AI score0.02967EPSS

Exploits0References10

OPENSUSE Linux•added 2020/11/26 12:0 a.m.•60 views

Security update for java-1_8_0-openjdk (moderate)

openSUSE Security Update: Security update for java-180-openjdk Announcement ID: openSUSE-SU-2020:2048-1 Rating: moderate References: 1174157 1177943 Cross-References: CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621...

8.3CVSS7.1AI score0.04315EPSS

Exploits0References2

Github Security Blog•added 2020/11/24 10:58 p.m.•53 views

Denial of service attack due to invalid JSON

Impact A denial of service attack against Matrix clients can be exploited by sending an event including invalid JSON data to Synapse. Synapse would relay the data to clients which could crash or hang. Impact is long-lasting if the event is made part of the room state. Patches At a minimum 8106 an...

7.5CVSS2.2AI score0.02967EPSS

Exploits0References7Affected Software1

vulnersOsv•added 2020/11/24 10:58 p.m.•3 views

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2020-26890 via matrix-synapse (>=0.33.9 <=1.153.0)

matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2020-26890 Source advisory: OSV:GHSA-4MP3-385R-V63F...

7.5CVSS7.2AI score0.02967EPSS

Exploits0

OSV•added 2020/11/24 10:58 p.m.•18 views

GHSA-4MP3-385R-V63F Denial of service attack due to invalid JSON

8.7CVSS7.2AI score0.02967EPSS

Exploits0References7

OSV•added 2020/11/24 3:15 a.m.•17 views

CVE-2020-26890

Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into th...

7.5CVSS7.5AI score

Exploits0References3

NVD•added 2020/11/24 3:15 a.m.•10 views

CVE-2020-26890

7.5CVSS7.5AI score0.02967EPSS

Exploits0References3

OSV•added 2020/11/24 3:15 a.m.•1 views

DEBIAN-CVE-2020-26890

7.5CVSS7.1AI score0.02967EPSS

Exploits0References1

vulnersOsv•added 2020/11/24 3:15 a.m.•4 views

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2020-26890 via matrix-synapse (>=0.33.9 <=1.153.0)

matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2020-26890 Source advisory: OSV:PYSEC-2020-237...

7.5CVSS7.2AI score0.02967EPSS

Exploits0

PyPA•added 2020/11/24 3:15 a.m.•4 views

PYSEC-2020-237

7.5CVSS7.1AI score0.02967EPSS

Exploits0References3Affected Software1

OSV•added 2020/11/24 3:15 a.m.•1 views

UBUNTU-CVE-2020-26890

7.5CVSS7.2AI score0.02967EPSS

Exploits0References3

Prion•added 2020/11/24 3:15 a.m.•19 views

Code injection

5CVSS7.4AI score0.02967EPSS

Exploits0References3Affected Software2

OSV•added 2020/11/24 3:15 a.m.•14 views

PYSEC-2020-237

7.5CVSS5.2AI score0.02967EPSS

Exploits0References3

CVE•added 2020/11/24 2:7 a.m.•145 views

CVE-2020-26890

Matrix Synapse prior to 1.20.0 allowed non-standard NaN, Infinity, and -Infinity values in m.room.member event fields, enabling remote DoS against federation and Matrix clients; impact can persist across replicated servers and requires manual redaction. The connected advisories note upgrading to ...

7.5CVSS7.4AI score0.02967EPSS

Exploits0References3Affected Software1

AlpineLinux•added 2020/11/24 2:7 a.m.•29 views

CVE-2020-26890

7.5CVSS7.5AI score0.02967EPSS

Exploits0

Debian CVE•added 2020/11/24 2:7 a.m.•31 views

CVE-2020-26890

7.5CVSS7.5AI score0.02967EPSS

Exploits0

CNNVD•added 2020/11/23 12:0 a.m.•12 views

Matrix Synapse Injection Vulnerability

Matrix Synapse is a Matrix Management Server implementation from the Matrix.org Foundation in the UK. A security vulnerability exists in Matrix Synapse versions prior to 1.20.0 that allows the use of non-standard NaN, Infinity, and -Infinity JSON values in the fields of the m.room.member event,...

7.5CVSS7.1AI score0.02967EPSS

Exploits0References5

Cvelist•added 2020/11/19 5:7 p.m.•17 views

CVE-2020-12496 ENDRESS+HAUSER: Ecograph T utilizing Webserver firmware version 2.x exposures sensitive information to an unauthorized actor

Endress+Hauser Ecograph T Neutral/Private Label RSG35, ORSG35 and Memograph M Neutral/Private Label RSG45, ORSG45 with Firmware version V2.0.0 and above is prone to exposure of sensitive information to an unauthorized actor. The firmware release has a dynamic token for each request submitted to t...

6.5CVSS6.4AI score0.00825EPSS

Exploits0References1

OSV•added 2020/11/03 12:37 p.m.•8 views

ALEA-2020:4803 perl:5.30 metadata for the AlmaLinux 8 module matrix

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

6.8AI score

Exploits0References1