347 matches found
Fedora: Security Advisory (FEDORA-2025-cddcfd6518)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2025-63751ef564)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-7444-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7444-1 matrix-synapse vulnerabilities
It was discovered that Synapse network policies could be bypassed via specially crafted URLs. An attacker could possibly use this issue to bypass authentication mechanisms. CVE-2023-32683 It was discovered that Synapse exposed cached device information. An attacker could possibly use this issue t...
[SECURITY] Fedora 42 Update: matrix-synapse-1.127.1-1.fc42
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...
[SECURITY] Fedora 41 Update: matrix-synapse-1.118.0-4.fc41
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...
Fedora 41 : matrix-synapse (2025-cddcfd6518)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-cddcfd6518 advisory. Backport fixes from v1.127.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...
Fedora: Security Advisory (FEDORA-2025-cef83410f7)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 40 : matrix-synapse (2025-cef83410f7)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-cef83410f7 advisory. Backport fixes from v1.127.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...
matrix-synapse-1.127.1-1.1 on GA media (moderate)
matrix-synapse-1.127.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:14939-1 Rating: moderate Cross-References: CVE-2025-30355 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
OPENSUSE-SU-2025:14939-1 matrix-synapse-1.127.1-1.1 on GA media
These are all security issues fixed in the matrix-synapse-1.127.1-1.1 package on the GA media of openSUSE Tumbleweed...
Improper Input Validation
Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Improper Input Validation. A malicious server can disrupt the normal operation and prevent the application from federating with other servers by crafting even...
raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2025-30355 via matrix-synapse (=0.33.9)
matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2025-30355 Source advisory: OSV:GHSA-V56R-HWV5-MXG6...
Fedora: Security Advisory (FEDORA-2024-995720f767)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 41 : matrix-synapse (2024-4cadba7a29)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-4cadba7a29 advisory. CVE-2024-52805, CVE-2024-52815, CVE-2024-53863, CVE-2024-53867 ---- Backport fixes from v1.120.1 Tenable has extracted the preceding description blo...
Fedora 40 : matrix-synapse (2024-995720f767)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-995720f767 advisory. CVE-2024-52805, CVE-2024-52815, CVE-2024-53863 ---- Backport fixes from v1.120.1 Tenable has extracted the preceding description block directly from...
Sensitive Information Exposure
Matrix-synapse is vulnerable to information disclosure. The vulnerability is due to improper handling of Sliding Sync, which can leak partial room state changes to users who are no longer in a room, while non-state events remain unaffected...
OPENSUSE-SU-2024:14541-1 matrix-synapse-1.120.2-1.1 on GA media
These are all security issues fixed in the matrix-synapse-1.120.2-1.1 package on the GA media of openSUSE Tumbleweed...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the Sliding Sync feature. An attacker can leak partial room state changes to...
Arbitrary File Upload
Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Arbitrary File Upload due to the dynamicthumbnails option or processing a specially crafted request. An attacker can exploit this to execute arbitrary code or...