Lucene search
K

64 matches found

Prion
Prion
added 2022/11/22 4:15 p.m.19 views

Design/Logic Flaw

Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after maxspidersize default: 10M bytes have been downloaded, which can in some cases lead to...

5CVSS5.2AI score0.00827EPSS
Exploits0References5Affected Software1
UbuntuCve
UbuntuCve
added 2022/11/22 4:15 p.m.28 views

CVE-2022-41952

Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after maxspidersize default: 10M bytes have been downloaded, which can in some cases lead to...

6.5CVSS6.3AI score0.00827EPSS
Exploits0References6
Cvelist
Cvelist
added 2022/11/22 12:0 a.m.53 views

CVE-2022-41952 Uncontrolled Resource Consumption in Matrix Synapse

Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after maxspidersize default: 10M bytes have been downloaded, which can in some cases lead to...

6.5CVSS6.7AI score0.00827EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/11/22 12:0 a.m.8 views

CVE-2022-41952 Uncontrolled Resource Consumption in Matrix Synapse

Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after maxspidersize default: 10M bytes have been downloaded, which can in some cases lead to...

6.5CVSS6.5AI score0.00827EPSS
Exploits0References5
CVE
CVE
added 2022/11/22 12:0 a.m.90 views

CVE-2022-41952

CVE-2022-41952 affects Matrix Synapse up to 1.52.x with URL previews enabled. The issue arises when previewing media stream URLs, as connections are not properly bounded by time or data, potentially causing long-lived connections to streaming servers (e.g., Icecast) and excessive traffic if expos...

6.5CVSS5.4AI score0.00827EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/11/22 12:0 a.m.47 views

CVE-2022-41952 Uncontrolled Resource Consumption in Matrix Synapse

Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after maxspidersize default: 10M bytes have been downloaded, which can in some cases lead to...

6.5CVSS5.9AI score0.00827EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2022/11/22 12:0 a.m.21 views

CVE-2022-41952

Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after maxspidersize default: 10M bytes have been downloaded, which can in some cases lead to...

6.5CVSS5.8AI score0.00827EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/07/02 12:0 a.m.6 views

react-native-url-preview (>=1.1.1 <=1.1.9), react-native-url-preview-tgp (=1.1.9) +1 more potentially affected by CVE-2022-25876 via link-preview-js (>=1.6.0 <=2.1.13)

link-preview-js NPM version =1.6.0, =1.1.1, =2.1.4, =2.2.0 Source cves: CVE-2022-25876 Source advisory: OSV:GHSA-H9CW-7G8J-H66H...

6.2CVSS6.1AI score0.00363EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2022/06/28 5:15 p.m.29 views

CVE-2022-31052

Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the reques...

6.5CVSS6.6AI score0.01578EPSS
Exploits0References3
OSV
OSV
added 2022/06/28 5:15 p.m.23 views

PYSEC-2022-224

Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the reques...

6.5CVSS1.6AI score0.01578EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2022/06/28 12:0 a.m.31 views

py-matrix-synapse -- unbounded recursion in urlpreview

Matrix developers report: This release fixes a vulnerability with Synapse's URL preview feature. URL previews of some web pages can lead to unbounded recursion, causing the request to either fail, or in some cases crash the running Synapse process. Note that: Homeservers with the urlpreviewenable...

6.5CVSS2.5AI score0.01578EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/06/22 8:12 a.m.22 views

react-native-url-preview (=1.1.9), react-native-url-preview-tgp (=1.1.9) +1 more potentially affected by CVE-2022-25876 via link-preview-js (>=2.0.4 <=2.1.13)

link-preview-js NPM version =2.0.4, =2.1.4, =2.2.0 Source cves: CVE-2022-25876 Source advisory: SNYK:JS-LINKPREVIEWJS-2933520...

6.2CVSS6.1AI score0.00363EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/04/01 6:16 p.m.33 views

Uncontrolled Resource Consumption in Matrix Synapse

Impact Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after maxspidersize default: 10M bytes have been downloaded, which can in some cases lead ...

6.5CVSS5.5AI score0.00827EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/04/01 6:16 p.m.16 views

GHSA-4822-JVWX-W47H Uncontrolled Resource Consumption in Matrix Synapse

Impact Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after maxspidersize default: 10M bytes have been downloaded, which can in some cases lead ...

5.3CVSS5.8AI score0.00827EPSS
Exploits0References7
Patchstack
Patchstack
added 2018/01/08 12:0 a.m.26 views

WordPress Z-URL Preview plugin <= 1.6.2 - Cross-Site Scripting (XSS) vulnerability

A Cross-Site Scripting XSS vulnerability found by Neorichi in WordPress Z-URL Preview plugin versions = 1.6.2. Vulnerable to Cross-Site Scripting via the class.zlinkpreview.php url parameter. Solution Update the WordPress Z-URL Preview plugin to the latest available version at least 2.0.0...

6.1CVSS2.5AI score0.01467EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/01/04 12:0 a.m.6 views

WordPress Z-URL Preview Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up a personal blog site. z-URL Preview plugin is used in one of the external links to get the plugin . A cross-site scripting vulnerability...

6.1CVSS6.5AI score0.01467EPSS
Exploits1References1
OSV
OSV
added 2018/01/01 8:29 a.m.4 views

CVE-2017-18012

The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter...

6.1CVSS5.8AI score0.01467EPSS
Exploits1References5
Prion
Prion
added 2018/01/01 8:29 a.m.20 views

Design/Logic Flaw

The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter...

4.3CVSS6AI score0.01467EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2018/01/01 8:29 a.m.24 views

CVE-2017-18012

The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter...

6.1CVSS6.1AI score0.01467EPSS
Exploits1References5
CVE
CVE
added 2018/01/01 8:0 a.m.58 views

CVE-2017-18012

The CVE-2017-18012 entry concerns the WordPress plugin Z-URL Preview (versions up to 1.6.1/1.6.2 per sources). The vulnerability is a Cross‑Site Scripting (XSS) attack triggered through the parameter in the file class.zlinkpreview.php (the url parameter), enabling script injection in affected pag...

6.1CVSS6AI score0.01467EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder