11 matches found
EUVD-2019-0083
Malware in sbrugna...
Ubuntu 18.04 ESM : Synapse vulnerabilities (USN-6076-1)
The remote Ubuntu 18.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6076-1 advisory. It was discovered that Synapse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input...
GHSA-CPPW-2MF8-QPM5 Improper Verification of Cryptographic Signature in matrix-synapse
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /sendjoin, /sendleave, and /invite may not be correctly signed, or may not come from the expected servers...
CVE-2020-26257 Denial of service attack via incorrect parameters to federation APIs
Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a /sendjoin, /sendleave, /invit...
FreeBSD : py-matrix-synapse -- missing signature checks on some federation APIs (42675046-fa70-11e9-ba4e-901b0e934d69)
Matrix developers report : Make sure that ... events sent over /sendjoin, /sendleave, and /invite, are correctly signed and come from the expected servers. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database :...
Code injection
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /sendjoin, /sendleave, and /invite may not be correctly signed, or may not come from the expected servers...
CVE-2019-18835
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /sendjoin, /sendleave, and /invite may not be correctly signed, or may not come from the expected servers...
PYSEC-2019-186
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /sendjoin, /sendleave, and /invite may not be correctly signed, or may not come from the expected servers...
CVE-2019-18835
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /sendjoin, /sendleave, and /invite may not be correctly signed, or may not come from the expected servers...
CVE-2019-18835
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /sendjoin, /sendleave, and /invite may not be correctly signed, or may not come from the expected servers...
CVE-2019-18835
CVE-2019-18835 affects Matrix Synapse prior to 1.5.0. The root cause is improper signature verification on federation APIs; events sent over /send_join, /send_leave, and /invite may not be correctly signed or may not originate from the expected servers. This can allow spoofing or impersonation of...