Lucene search
+L

7 matches found

Fedora
Fedora
added 2021/09/08 3:7 p.m.37 views

[SECURITY] Fedora 34 Update: matrix-synapse-1.41.1-1.fc34

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

3.5CVSS3.6AI score0.01457EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2021/08/31 5:15 p.m.38 views

CVE-2021-39164

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership list of members, with their display names of a room if they know the ID of the room. The vulnerability is limited to rooms with shared history...

3.5CVSS6.8AI score0.01457EPSS
Exploits0References5
Cvelist
Cvelist
added 2021/05/11 3:5 p.m.39 views

CVE-2021-29471 Denial of service in Matrix Synapse

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including eventmatch, which matches event...

3.7CVSS5.8AI score0.01647EPSS
Exploits0References4
Cvelist
Cvelist
added 2021/04/12 9:50 p.m.51 views

CVE-2021-21392 Open redirect via transitional IPv6 addresses on dual-stack networks

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...

6.3CVSS6.9AI score0.00894EPSS
Exploits0References4
CVE
CVE
added 2021/04/12 9:50 p.m.111 views

CVE-2021-21392

Synapse (matrix-synapse) prior to version 1.28.0 is affected by a vulnerability where requests to user-provided domains could escape external IP restrictions on dual-stack networks due to transitional IPv6 addresses. This may allow outbound requests to internal infrastructure during federation, i...

6.3CVSS6.5AI score0.00894EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/04/12 8:45 p.m.46 views

CVE-2021-21394 Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party...

5.3CVSS7AI score0.01538EPSS
Exploits0References5
Prion
Prion
added 2021/02/26 6:15 p.m.30 views

Code injection

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead t...

4.3CVSS6.5AI score0.02164EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder