347 matches found
Arbitrary File Upload
Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Arbitrary File Upload due to the dynamicthumbnails option or processing a specially crafted request. An attacker can exploit this to execute arbitrary code or...
raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2024-52815 via matrix-synapse (=0.33.9)
matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2024-52815 Source advisory: OSV:GHSA-F3R3-H2MQ-HX2H...
Improper Input Validation
Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Improper Input Validation via invite messages. An attacker can disrupt the /sync functionality by sending a specially crafted invite over federation. Workarou...
raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2024-52805 via matrix-synapse (=0.33.9)
matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2024-52805 Source advisory: OSV:GHSA-RFQ8-J7RH-8HF2...
Allocation of Resources Without Limits or Throttling
Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the improper handling of multipart/form-data content types. An attacker can amplify denial of...
Missing Authentication for Critical Function
Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the unauthenticated writes to the media repository. An attacker can plant problematic content into the med...
raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2024-37303 via matrix-synapse (=0.33.9)
matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2024-37303 Source advisory: OSV:GHSA-GJGR-7834-RHXR...
raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2024-37302 via matrix-synapse (=0.33.9)
matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2024-37302 Source advisory: OSV:GHSA-4MHG-XV73-XQ2X...
Allocation of Resources Without Limits or Throttling
Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the media download process. An attacker can induce the server to download and cache large amounts of...
raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2024-37302 via matrix-synapse (=0.33.9)
matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2024-37302 Source advisory: OSV:PYSEC-2024-286...
raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2024-37303 via matrix-synapse (=0.33.9)
matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2024-37303 Source advisory: OSV:PYSEC-2024-287...
OPENSUSE-SU-2024:11041-1 matrix-synapse-1.43.0-1.1 on GA media
These are all security issues fixed in the matrix-synapse-1.43.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13270-1 matrix-synapse-1.93.0-1.1 on GA media
These are all security issues fixed in the matrix-synapse-1.93.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11649-1 matrix-synapse-1.47.1-1.1 on GA media
These are all security issues fixed in the matrix-synapse-1.47.1-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12160-1 matrix-synapse-1.61.1-1.1 on GA media
These are all security issues fixed in the matrix-synapse-1.61.1-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13320-1 matrix-synapse-1.94.0-2.1 on GA media
These are all security issues fixed in the matrix-synapse-1.94.0-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13039-1 matrix-synapse-1.85.2-1.1 on GA media
These are all security issues fixed in the matrix-synapse-1.85.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13897-1 matrix-synapse-1.105.1-1.1 on GA media
These are all security issues fixed in the matrix-synapse-1.105.1-1.1 package on the GA media of openSUSE Tumbleweed...
Fedora: Security Advisory (FEDORA-2024-d408b654d6)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-3ff83cb806)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...