14 matches found
USN-6076-1: Synapse vulnerabilities
It was discovered that Synapse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. CVE-2019-18835, CVE-2018-12291, CVE-2018-10657 It was...
Ubuntu 18.04 ESM : Synapse vulnerabilities (USN-6076-1)
The remote Ubuntu 18.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6076-1 advisory. It was discovered that Synapse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input...
raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2019-5885 via matrix-synapse (=0.33.9)
matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2019-5885 Source advisory: OSV:GHSA-JRQM-V8CV-53WW...
CVE-2019-5885
Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...
CVE-2019-5885
Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...
UBUNTU-CVE-2019-5885
Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...
CVE-2019-5885
Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...
CVE-2019-5885
Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...
CVE-2019-5885
CVE-2019-5885 affects Matrix Synapse prior to 0.34.0.1. When the macaroon_secret_key parameter is not set, a predictable value is used to derive a secret key (and other secrets), which could allow remote attackers to impersonate users. The issue is documented across multiple sources (including a ...
CVE-2019-5885
Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...
Fedora 28 : matrix-synapse (2019-c6044b3fce)
Fix for CVE-2019-5885 Upgrade notes available at https://github.com/matrix-org/synapse/blob/v0.34.0/UPGRADE.rstupgradi ng-to-v0340 - Note this continues to use Python 2. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website...
Fedora 29 : matrix-synapse (2019-4d914f9257)
Fix for CVE-2019-5885 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security,...
FreeBSD : py-matrix-synapse -- undisclosed vulnerability (383931ba-1818-11e9-92ea-448a5b29e8a9)
Matrix developers report : The matrix team announces the availablility of synapse security releases 0.34.0.1 and 0.34.1.1, fixing CVE-2019-5885. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright...
py-matrix-synapse -- undisclosed vulnerability
Matrix developers report: The matrix team announces the availablility of synapse security releases 0.34.0.1 and 0.34.1.1, fixing CVE-2019-5885...