28 matches found
EUVD-2020-0106
Malware in sbrugna...
EUVD-2024-47418
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-39335
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request...
CVE-2024-6301
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs...
CVE-2024-6301
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs...
CVE-2024-6301 Origin Validation Error in Conduit
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs...
CVE-2024-6301 Origin Validation Error in Conduit
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs...
CVE-2024-6301
Conduit (federation API) is affected by CVE-2024-6301: lack of origin validation in the federation API allows any remote server to impersonate any user from any server in most EDUs. The vulnerability affects Conduit versions prior to 0.8.0. Root cause: insufficient validation of origin in federat...
UBUNTU-CVE-2022-39335
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are...
CVE-2022-39335 Synapse does not apply enough checks to servers requesting auth events of events in a room
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are...
CVE-2022-39335
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are...
CVE-2022-39335
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are...
PT-2023-13719 · Synapse +2 · Synapse +2
Name of the Vulnerable Software and Affected Versions: Synapse versions up to and including 1.68.0 Description: The Matrix Federation API in Synapse allows remote homeservers to request authorization events in a room, which is necessary for validating the legitimacy and permission of events...
SUSE CVE-2018-12291
The ongetmissingevents function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly...
Matrix Synapse Security Filtering Flaw
The ongetmissingevents function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly...
GHSA-V8WM-G9F2-XJV4 Matrix Synapse Security Filtering Flaw
The ongetmissingevents function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly...
FreeBSD : py-matrix-synapse -- DoS on Federation API (cfa0be42-3cd7-11eb-9de7-641c67a117d8)
Matrix developers reports : A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a /sendjoin, /sendleave, /invite or /exchangethirdpartyinvite request. This can lead to a denial of service in which future events will...
CVE-2020-26257
Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a /sendjoin, /sendleave, /invit...
Design/Logic Flaw
Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a /sendjoin, /sendleave, /invit...
CVE-2020-26257
Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a /sendjoin, /sendleave, /invit...