415 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-52805
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory...
Linux Distros Unpatched Vulnerability : CVE-2024-52815
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allo...
[SECURITY] Fedora 41 Update: matrix-synapse-1.118.0-4.fc41
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...
[SECURITY] Fedora 40 Update: matrix-synapse-1.111.1-4.fc40
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...
DEBIAN-CVE-2025-30355
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...
UBUNTU-CVE-2025-30355
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...
CVE-2025-30355
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...
VulnCheck KEV: CVE-2025-30355
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...
Linux Distros Unpatched Vulnerability : CVE-2022-39251
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct...
Linux Distros Unpatched Vulnerability : CVE-2022-39250
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious...
Astra Linux – Vulnerability in Thunderbird
matrix-js-sdk is a client-server SDK for the Matrix messaging protocol, designed for JavaScript. Version 34.11.0 and earlier of matrix-js-sdk was vulnerable to client-side path traversal attacks through crafted MXC URIs. A malicious room member could trigger clients using matrix-js-sdk to send...
CVE-2022-39255
Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...
CVE-2022-39200
Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...
CVE-2022-39257
Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...
CVE-2022-39248
matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...
CVE-2024-42347
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...
[SECURITY] Fedora 40 Update: matrix-synapse-1.111.1-3.fc40
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...
[SECURITY] Fedora 41 Update: matrix-synapse-1.118.0-3.fc41
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...
SUSE CVE-2024-50336
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...
Directory Traversal
matrix-js-sdk is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation of crafted MXC URIs, allowing a malicious room member to trigger arbitrary authenticated GET requests to the client's homeserver...