
3660 matches found

Tenable Nessus
added 2025/04/05 12:0 a.m., 2 views

Fedora 40 : matrix-synapse (2025-cef83410f7)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-cef83410f7 advisory. Backport fixes from v1.127.1. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...

5.6 AI score
Exploits: 0, References: 1

Exploit DB
added 2025/04/02 12:0 a.m., 332 views

ABB Cylon Aspect 3.08.01 - Arbitrary File Delete

Exploit Title : ABB Cylon Aspect 3.08.01 - Arbitrary File Delete Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management a...

10 CVSS, 7.8 AI score, 0.17159 EPSS
Exploits: 3

Positive Technologies
added 2025/03/31 12:0 a.m., 6 views

PT-2025-37273

Name of the Vulnerable Software and Affected Versions: matrix-rust-sdk (affected versions not specified). Description: A Denial-of-Service issue exists due to improper handling of symlinks (symbolic links), which are files that point to another file or directory. Recommendations: At the moment, there is ...

5.4 AI score, 0.00151 EPSS
Exploits: 0, References: 4

OPENSUSE Linux
added 2025/03/29 12:0 a.m., 4 views

matrix-synapse-1.127.1-1.1 on GA media (moderate)

matrix-synapse-1.127.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:14939-1 Rating: moderate Cross-References: CVE-2025-30355 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

7.5 CVSS, 7.3 AI score, 0.01064 EPSS
Exploits: 0

SUSE CVE
added 2025/03/28 3:0 a.m., 1 view

SUSE CVE-2025-30355

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...

7.5 CVSS, 6.9 AI score, 0.01064 EPSS
Exploits: 0, References: 4

OSV
added 2025/03/28 12:0 a.m., 4 views

OPENSUSE-SU-2025:14939-1 matrix-synapse-1.127.1-1.1 on GA media

These are all security issues fixed in the matrix-synapse-1.127.1-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS, 6.8 AI score, 0.01064 EPSS
Exploits: 0, References: 2

Veracode
added 2025/03/27 11:41 p.m., 4 views

Denial-of-Service (DoS)

Synapse is vulnerable to a Denial-Of-Service. The vulnerability is due to improper handling of maliciously crafted federation events, where a malicious Matrix server can send crafted events that prevent Synapse from federating with other servers...

7.5 CVSS, 5.4 AI score, 0.01064 EPSS
Exploits: 0, References: 3, Affected Software: 2

Snyk
added 2025/03/27 6:2 p.m., 2 views

Improper Input Validation

Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Improper Input Validation. A malicious server can disrupt the normal operation and prevent the application from federating with other servers by crafting even...

7.5 CVSS, 6.9 AI score, 0.01064 EPSS
Exploits: 0, References: 2

vulnersOsv
added 2025/03/27 6:2 p.m., 34 views

raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2025-30355 via matrix-synapse (=0.33.9)

matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2025-30355 Source advisory: OSV:GHSA-V56R-HWV5-MXG6...

7.5 CVSS, 5.8 AI score, 0.01064 EPSS
Exploits: 0

OSV
added 2025/03/27 1:15 a.m., 3 views

DEBIAN-CVE-2025-30355

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...

7.5 CVSS, 6.9 AI score, 0.01064 EPSS
Exploits: 0, References: 1

OSV
added 2025/03/27 1:15 a.m., 0 views

UBUNTU-CVE-2025-30355

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...

7.5 CVSS, 5.7 AI score, 0.01064 EPSS
Exploits: 0, References: 3

AlpineLinux
added 2025/03/27 12:59 a.m., 7 views

CVE-2025-30355

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...

7.5 CVSS, 6.9 AI score, 0.01064 EPSS
Exploits: 0

VulnCheck KEV
added 2025/03/26 12:0 a.m., 2 views

VulnCheck KEV: CVE-2025-30355

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...

7.5 CVSS, 5.7 AI score, 0.01064 EPSS
Exploits: 0, References: 1

Veracode
added 2025/03/20 4:36 a.m., 14 views

Timing Side-channel Attacks

postquantumfeldmanvss is vulnerable to Timing side-channel attacks. The vulnerability is due to Python's non-constant-time execution model, which causes execution time variations in the findsecurepivot and securematrixsolve functions, allowing attackers to infer secret information through precise...

5.8 CVSS, 6.5 AI score, 0.00218 EPSS
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2025/03/14 7:55 p.m., 7 views

GHSA-Q65W-FG65-79F4 Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations

Description: The feldmanvss library contains timing side-channel vulnerabilities in its matrix operations, specifically within the findsecurepivot function and potentially other parts of securematrixsolve. These vulnerabilities are due to Python's execution model, which does not guarantee...

5.8 CVSS, 6.7 AI score, 0.00218 EPSS
Exploits: 0, References: 5

Github Security Blog
added 2025/03/14 7:55 p.m., 17 views

Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations

Description: The feldmanvss library contains timing side-channel vulnerabilities in its matrix operations, specifically within the findsecurepivot function and potentially other parts of securematrixsolve. These vulnerabilities are due to Python's execution model, which does not guarantee...

5.8 CVSS, 6.7 AI score, 0.00218 EPSS
Exploits: 0, References: 5, Affected Software: 1

Vulnrichment
added 2025/03/14 5:26 p.m., 7 views

CVE-2025-29780 Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the feldmanvss library contains timing side-channel vulnerabilities in its matrix operations, specifically within the...

5.8 CVSS, 6.3 AI score, 0.00218 EPSS
Exploits: 0, References: 3

Cvelist
added 2025/03/14 5:26 p.m., 17 views

CVE-2025-29780 Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the feldmanvss library contains timing side-channel vulnerabilities in its matrix operations, specifically within the...

5.8 CVSS, 0.00218 EPSS
Exploits: 0, References: 3

OSV
added 2025/03/14 5:26 p.m., 3 views

CVE-2025-29780 Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the feldmanvss library contains timing side-channel vulnerabilities in its matrix operations, specifically within the...

5.8 CVSS, 7 AI score, 0.00218 EPSS
Exploits: 0, References: 5

CNNVD
added 2025/03/14 12:0 a.m., 3 views

Post-Quantum Secure Feldman Verifiable Secret Sharing Security Vulnerability

Post-Quantum Secure Feldman Verifiable Secret Sharing is a Verifiable Secret Sharing (VSS) for Post-Quantum Secure Feldman in Python by the individual developer David Osipov. A security vulnerability exists in Post-Quantum Secure Feldman Verifiable Secret Sharing 0.7.6b0 and earlier versions, which...

5.8 CVSS, 6.2 AI score, 0.00218 EPSS
Exploits: 0, References: 5