SUSE CVE-2024-36403

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating...

CVE-2024-36403

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating...

CVE-2024-36403

CVE-2024-36403 affects Matrix Media Repo (MMR) before 1.3.5. An unauthenticated attacker can cause unbounded disk consumption by triggering MMR to download and cache large volumes of remote media. Deployments using file-backed storage or self-hosted S3 storage are vulnerable to a disk-fill denial...

Synapse denial of service through media disk space consumption

Impact Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging fro...

PYSEC-2024-286

Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can le...

PYSEC-2024-286

Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can le...

CVE-2024-37302

Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can le...

PT-2024-27460 · Matrix · Synapse

Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.106 Description: Synapse is an open-source Matrix homeserver. The issue allows an unauthenticated adversary to induce Synapse to download and cache large amounts of remote media, leading to a denial of service. Thi...

Debian DLA-1661-1 : mumble security update

It has been found that the mumble-server mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service daemon hang or crash via a message flood. With the new security update a rate limiter is added with Leaky-Bucket algorith...

Debian: Security Advisory (DLA-1661-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...