3 matches found
GitLab 14.1 < 14.1.2 (CVE-2021-22236)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows:
- Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1...
CVE-2022-39374 Synapse Denial of service due to incorrect application of event authorization rules during state resolution
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that...
Denial of service due to incorrect application of event authorization rules
Impact: The Matrix specification defines a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including v1.61, some of these rules are not correctly applied. An attacker could craft events which...