Lucene search
K

347 matches found

Snyk
Snyk
added 2024/12/03 6:44 p.m.1 views

Arbitrary File Upload

Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Arbitrary File Upload due to the dynamicthumbnails option or processing a specially crafted request. An attacker can exploit this to execute arbitrary code or...

9.1CVSS7.8AI score0.00625EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2024/12/03 6:42 p.m.4 views

raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2024-52815 via matrix-synapse (=0.33.9)

matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2024-52815 Source advisory: OSV:GHSA-F3R3-H2MQ-HX2H...

8.7CVSS6.5AI score0.00547EPSS
Exploits0
Snyk
Snyk
added 2024/12/03 6:42 p.m.3 views

Improper Input Validation

Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Improper Input Validation via invite messages. An attacker can disrupt the /sync functionality by sending a specially crafted invite over federation. Workarou...

8.7CVSS6.5AI score0.00547EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2024/12/03 6:40 p.m.3 views

raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2024-52805 via matrix-synapse (=0.33.9)

matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2024-52805 Source advisory: OSV:GHSA-RFQ8-J7RH-8HF2...

8.2CVSS6.5AI score0.00715EPSS
Exploits0
Snyk
Snyk
added 2024/12/03 6:40 p.m.1 views

Allocation of Resources Without Limits or Throttling

Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the improper handling of multipart/form-data content types. An attacker can amplify denial of...

8.2CVSS6.7AI score0.00715EPSS
Exploits0References2
Snyk
Snyk
added 2024/12/03 6:40 p.m.1 views

Missing Authentication for Critical Function

Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the unauthenticated writes to the media repository. An attacker can plant problematic content into the med...

6.9CVSS6.4AI score0.00419EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2024/12/03 6:40 p.m.2 views

raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2024-37303 via matrix-synapse (=0.33.9)

matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2024-37303 Source advisory: OSV:GHSA-GJGR-7834-RHXR...

5.3CVSS6.5AI score0.00419EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/12/03 6:39 p.m.4 views

raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2024-37302 via matrix-synapse (=0.33.9)

matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2024-37302 Source advisory: OSV:GHSA-4MHG-XV73-XQ2X...

7.5CVSS6.5AI score0.00572EPSS
Exploits0
Snyk
Snyk
added 2024/12/03 6:39 p.m.1 views

Allocation of Resources Without Limits or Throttling

Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the media download process. An attacker can induce the server to download and cache large amounts of...

8.7CVSS7.1AI score0.00572EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2024/12/03 5:15 p.m.6 views

raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2024-37302 via matrix-synapse (=0.33.9)

matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2024-37302 Source advisory: OSV:PYSEC-2024-286...

7.5CVSS6.5AI score0.00572EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/12/03 5:15 p.m.7 views

raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2024-37303 via matrix-synapse (=0.33.9)

matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2024-37303 Source advisory: OSV:PYSEC-2024-287...

5.3CVSS6.5AI score0.00419EPSS
Exploits0
OSV
OSV
added 2024/06/15 12:0 a.m.21 views

OPENSUSE-SU-2024:11041-1 matrix-synapse-1.43.0-1.1 on GA media

These are all security issues fixed in the matrix-synapse-1.43.0-1.1 package on the GA media of openSUSE Tumbleweed...

9.8CVSS6.9AI score0.62906EPSS
Exploits8References11
OSV
OSV
added 2024/06/15 12:0 a.m.18 views

OPENSUSE-SU-2024:13270-1 matrix-synapse-1.93.0-1.1 on GA media

These are all security issues fixed in the matrix-synapse-1.93.0-1.1 package on the GA media of openSUSE Tumbleweed...

8.8CVSS7.6AI score0.99735EPSS
Exploits9References3
OSV
OSV
added 2024/06/15 12:0 a.m.5 views

OPENSUSE-SU-2024:11649-1 matrix-synapse-1.47.1-1.1 on GA media

These are all security issues fixed in the matrix-synapse-1.47.1-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS7.5AI score0.01514EPSS
Exploits0References1
OSV
OSV
added 2024/06/15 12:0 a.m.8 views

OPENSUSE-SU-2024:12160-1 matrix-synapse-1.61.1-1.1 on GA media

These are all security issues fixed in the matrix-synapse-1.61.1-1.1 package on the GA media of openSUSE Tumbleweed...

6.5CVSS6.5AI score0.01578EPSS
Exploits0References1
OSV
OSV
added 2024/06/15 12:0 a.m.9 views

OPENSUSE-SU-2024:13320-1 matrix-synapse-1.94.0-2.1 on GA media

These are all security issues fixed in the matrix-synapse-1.94.0-2.1 package on the GA media of openSUSE Tumbleweed...

4.9CVSS5.1AI score0.01166EPSS
Exploits0References1
OSV
OSV
added 2024/06/15 12:0 a.m.9 views

OPENSUSE-SU-2024:13039-1 matrix-synapse-1.85.2-1.1 on GA media

These are all security issues fixed in the matrix-synapse-1.85.2-1.1 package on the GA media of openSUSE Tumbleweed...

5.4CVSS4.6AI score0.00752EPSS
Exploits0References2
OSV
OSV
added 2024/06/15 12:0 a.m.4 views

OPENSUSE-SU-2024:13897-1 matrix-synapse-1.105.1-1.1 on GA media

These are all security issues fixed in the matrix-synapse-1.105.1-1.1 package on the GA media of openSUSE Tumbleweed...

6.5CVSS6.4AI score0.01463EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/05/27 12:0 a.m.11 views

Fedora: Security Advisory (FEDORA-2024-d408b654d6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.5AI score0.01463EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2024/05/27 12:0 a.m.14 views

Fedora: Security Advisory (FEDORA-2024-3ff83cb806)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.5AI score0.01463EPSS
Exploits0References3
Rows per page
Query Builder