GO-2022-0989 Dendrite signature checks not applied to some retrieved missing events in github.com/matrix-org/dendrite

Dendrite signature checks not applied to some retrieved missing events in github.com/matrix-org/dendrite...

SUSE CVE-2018-12291

The ongetmissingevents function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly...

Dendrite signature checks not applied to some retrieved missing events

Impact Events retrieved from a remote homeserver using /getmissingevents did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this endpoint. Note that this does not apply to events retrieved through...

Design/Logic Flaw

Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...

CVE-2022-39200 Signature checks not applied to some retrieved missing events

Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...

Dendrite 数据伪造问题漏洞

Dendrite is a second-generation Matrix home server written in Go and open-sourced by the Matrix Foundation. Dendrite 0.9.7 and prior versions are vulnerable to a data forgery issue that stems from events retrieved from a remote master server using the "/getmissingevents" path without properly...

PT-2022-24802 · Dendrite · Dendrite

Name of the Vulnerable Software and Affected Versions: Dendrite versions prior to 0.9.8 Description: The issue concerns events retrieved from a remote homeserver using the "/get missing events" path, where signatures were not verified correctly. This could allow a remote homeserver to provide...

CVE-2021-34573

In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not reconized or misinterpreted. This may lead to wrong values and missing events...

Buffer overflow

In Enbra EWM in Version 1.7.29 together with several tested wireless M-Bus Sensors the events backflow and "no flow" are not reconized or misinterpreted. This may lead to wrong values and missing events...

Enbra EWM 安全漏洞

Enbra Ewm is a universal reading device from the Czech company Enbra. It uses a radio to read water meters, heating cost indicators and calorimeters. An access control error vulnerability exists in Enbra EWM version 1.7.29, which originates in Enbra EWM and several tested wireless M-Bus sensors,...

Matrix Synapse Event Filtering Vulnerability

Matrix is a set of open communication networks of which Synapse is a server implementation. A security vulnerability exists in the 'ongetmissingevents' function in the handlers/federation.py file in Matrix Synapse versions prior to 0.31.1. No details of the vulnerability are provided at this time...

UBUNTU-CVE-2018-12291

The ongetmissingevents function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly...

DEBIAN-CVE-2018-12291

The ongetmissingevents function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly...