CVE-2025-62425

MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

EUVD-2025-34822

MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

CVE-2025-62425

MAS (Matrix Authentication Service) is affected by a logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 that lets an attacker with access to an authenticated MAS session perform sensitive operations without entering the current password (e.g., changing the password, adding/removing ...

CVE-2025-62425 Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password

MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

CVE-2025-62425 Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password

MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

Linux Distros Unpatched Vulnerability : CVE-2023-32682

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login...

CVE-2024-6760

A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which...

PT-2024-37854 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A logic bug in the code disables kernel tracing for setuid programs, allowing unprivileged users to trace and inspect the behavior of setuid programs. This bug may be used by an...

Missing Authorization Checks

matrixsynapse is vulnerable to Improper Authentication. The vulnerability is due to the completelogin function as It fails to verify the deactivated status of users during login. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the jwtconfig.enabled...

SUSE CVE-2023-32682

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...

DEBIAN-CVE-2023-32682

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...

PYSEC-2023-84

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...

Design/Logic Flaw

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...

UBUNTU-CVE-2023-32682

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...

CVE-2023-32682 Improper checks for deactivated users during login in synapse

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...

GHSA-26C5-PPR8-F33P Synapse has improper checks for deactivated users during login

Impact It may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: JSON Web Tokens are enabled for login via the jwtconfig.enabled configuration setting The local password database is enabled via the...

Security Announcement: tnef

-----BEGIN PGP SIGNED MESSAGE----- SuSE Security Announcement Package: tnef 0-124 Date: Mon Jul 10 19:19:16 CEST 2000 Affected SuSE versions: 6.3-6.4 Vulnerability Type: remote compromise SuSE default package: no Other affected systems: all unix systems using this package A security hole was...