Lucene search
+L

6 matches found

OpenVAS
OpenVAS
added 2021/12/09 12:0 a.m.15 views

Fedora: Security Advisory for matrix-synapse (FEDORA-2021-9758549fce)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.5AI score0.01514EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/12/09 12:0 a.m.18 views

Fedora: Security Advisory for matrix-synapse (FEDORA-2021-2f9dcdbace)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.5AI score0.01514EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2021/11/23 8:15 p.m.32 views

CVE-2021-41281

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...

7.5CVSS7.1AI score0.01514EPSS
Exploits0References5
Cvelist
Cvelist
added 2021/11/23 7:15 p.m.47 views

CVE-2021-41281 Path traversal in Matrix Synapse

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...

7.5CVSS7.9AI score0.01514EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2021/11/23 7:15 p.m.49 views

CVE-2021-41281

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...

7.5CVSS7.7AI score0.01514EPSS
Exploits0
CVE
CVE
added 2021/11/23 7:15 p.m.131 views

CVE-2021-41281

CVE-2021-41281 affects Synapse (Matrix homeserver) versions before 1.47.1 with the media repository enabled. A path traversal vulnerability lets an attacker cause a remote file to be downloaded into an arbitrary directory without authentication; the impact is mitigated by the last two path compon...

7.5CVSS7.6AI score0.01514EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder