DEBIAN-CVE-2021-21273

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...

UBUNTU-CVE-2021-21273

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...

Denial Of Service (DoS)

get-ip-range is vulnerable to denial of service DoS. The vulnerability exists when parsing a large IP range such as 128.0.0.0/1...

CVE-2021-27191

The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service DoS if the range is untrusted input. An attacker could send a large range such as 128.0.0.0/1 that causes resource exhaustion...

CVE-2021-27191

The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service DoS if the range is untrusted input. An attacker could send a large range such as 128.0.0.0/1 that causes resource exhaustion...

Privilege escalation

The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service DoS if the range is untrusted input. An attacker could send a large range such as 128.0.0.0/1 that causes resource exhaustion...

CVE-2021-27191

The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service DoS if the range is untrusted input. An attacker could send a large range such as 128.0.0.0/1 that causes resource exhaustion...

CVE-2021-27191

The CVE-2021-27191 issue affects the get-ip-range package for Node.js prior to 4.0.0. It allows denial of service when parsing large/untrusted IP ranges (for example 128.0.0.0/1), leading to resource exhaustion. Remediation is to upgrade to version 4.0.0 or newer. This vulnerability is corroborat...

Frenchbread Private-ip Code Issue Vulnerability

Frenchbread Private-ip is a Js codebase for checking if an Ip is private by Frenchbread individual developers. A security vulnerability exists in the Frenchbread Private-ip package prior to v1.0.5 that stems from insufficient regular expressions to adequately filter the reserved IP range, resulti...

CVE-2020-1637

A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. This issue might occur when the IP address range configured in the Infranet Controller IC is configured as an IP...

CVE-2020-10534

In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled...

CVE-2020-10534

In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled...

CVE-2020-10534

In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled...

Code injection

In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled...

CVE-2020-10534

The CVE-2020-10534 issue affects the MediaWiki World: GlobalBlocking extension prior to 2020-03-10 and affected MediaWiki versions up to 1.34.0. The vulnerability arises from IP range evaluation where an IP address that is contained in two ranges, one of which is locally disabled, can allow block...

CVE-2020-10534

In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled...

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: Potential XSS in jQuery CVE-2019-11358. An account can be logged out without using a token CSRF CVE-2019-12466. A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them CVE-2019-12467. Directly...

Insecure Access Controls

mediawiki/core is vulnerable to authorization bypass. Improper checks on the limits on IP range blocks $wgBlockCIDRLimit within the API allows an attacker to obtain unauthorized access to the API...

CVE-2019-12472

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks $wgBlockCIDRLimit by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

CVE-2019-12472

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks $wgBlockCIDRLimit by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...