Lucene search
+L

415 matches found

Tenable Nessus
Tenable Nessus
added 2025/04/11 12:0 a.m.51 views

Linux Distros Unpatched Vulnerability : CVE-2024-52805

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory...

8.2CVSS6.1AI score0.00715EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/04/11 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-52815

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allo...

8.7CVSS6.1AI score0.00547EPSS
Exploits0References2
Fedora
Fedora
added 2025/04/07 1:25 a.m.11 views

[SECURITY] Fedora 41 Update: matrix-synapse-1.118.0-4.fc41

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

7.2AI score
Exploits0
Fedora
Fedora
added 2025/04/05 1:57 a.m.13 views

[SECURITY] Fedora 40 Update: matrix-synapse-1.111.1-4.fc40

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

7.2AI score
Exploits0
OSV
OSV
added 2025/03/27 1:15 a.m.3 views

DEBIAN-CVE-2025-30355

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...

7.5CVSS6.9AI score0.01157EPSS
Exploits0References1
OSV
OSV
added 2025/03/27 1:15 a.m.2 views

UBUNTU-CVE-2025-30355

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...

7.5CVSS5.7AI score0.01157EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/03/27 12:59 a.m.8 views

CVE-2025-30355

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...

7.5CVSS6.9AI score0.01157EPSS
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2025/03/26 12:0 a.m.2 views

VulnCheck KEV: CVE-2025-30355

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...

7.5CVSS5.7AI score0.01157EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-39251

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct...

8.6CVSS7.8AI score0.00913EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-39250

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious...

8.6CVSS7.4AI score0.00942EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.5 views

Astra Linux – Vulnerability in Thunderbird

matrix-js-sdk is a client-server SDK for the Matrix messaging protocol, designed for JavaScript. Version 34.11.0 and earlier of matrix-js-sdk was vulnerable to client-side path traversal attacks through crafted MXC URIs. A malicious room member could trigger clients using matrix-js-sdk to send...

5.3CVSS7.7AI score0.00835EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 7:36 p.m.13 views

CVE-2022-39255

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS6.4AI score0.00753EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:33 p.m.11 views

CVE-2022-39200

Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...

7.3CVSS6.7AI score0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:32 p.m.10 views

CVE-2022-39257

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...

7.5CVSS6.3AI score0.00753EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:31 p.m.12 views

CVE-2022-39248

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

8.6CVSS6.7AI score0.00753EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:27 a.m.10 views

CVE-2024-42347

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...

7.7CVSS7.4AI score0.00427EPSS
Exploits0References1
Fedora
Fedora
added 2024/12/13 1:37 a.m.61 views

[SECURITY] Fedora 40 Update: matrix-synapse-1.111.1-3.fc40

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

9.1CVSS7.2AI score0.00715EPSS
Exploits0
Fedora
Fedora
added 2024/12/13 1:35 a.m.44 views

[SECURITY] Fedora 41 Update: matrix-synapse-1.118.0-3.fc41

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

9.1CVSS6.4AI score0.00715EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2024/12/13 12:21 a.m.3 views

SUSE CVE-2024-50336

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...

4.3CVSS8.9AI score0.00835EPSS
Exploits0References6
Veracode
Veracode
added 2024/12/04 6:37 p.m.6 views

Directory Traversal

matrix-js-sdk is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation of crafted MXC URIs, allowing a malicious room member to trigger arbitrary authenticated GET requests to the client's homeserver...

5.3CVSS6.1AI score0.00835EPSS
Exploits0References6Affected Software2
Rows per page
Query Builder