
2242 matches found

UbuntuCve
added 2021/05/11 3:15 p.m. · 22 views

CVE-2021-29471

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including event_match, which matches event...

5.3 CVSS · 6.8 AI score · 0.01647 EPSS
Exploits 0 · References 4

Prion
added 2021/05/11 3:15 p.m. · 15 views

Design/Logic Flaw

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including event_match, which matches event...

5 CVSS · 5.3 AI score · 0.01647 EPSS
Exploits 0 · References 4 · Affected Software 2

PyPA
added 2021/05/11 3:15 p.m. · 5 views

PYSEC-2021-135

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including event_match, which matches event...

5.3 CVSS · 6.8 AI score · 0.01647 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2021/05/11 3:15 p.m. · 1 views

UBUNTU-CVE-2021-29471

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including event_match, which matches event...

5.3 CVSS · 7.3 AI score · 0.01647 EPSS
Exploits 0 · References 5

CVE
added 2021/05/11 3:5 p.m. · 117 views

CVE-2021-29471

The CVE-2021-29471 issue affects the Matrix Synapse Python package (matrix-synapse) prior to version 1.33.2. It concerns Push rules with event_match patterns that can cause very poor performance in the rule-matching engine, potentially enabling a denial-of-service when processing moderate-length ...

5.3 CVSS · 4.8 AI score · 0.01647 EPSS
Exploits 0 · References 4 · Affected Software 1

AlpineLinux
added 2021/05/11 3:5 p.m. · 46 views

CVE-2021-29471

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including event_match, which matches event...

5.3 CVSS · 5 AI score · 0.01647 EPSS
Exploits 0

FreeBSD
added 2021/05/11 12:0 a.m. · 27 views

py-matrix-synapse -- malicious push rules may be used for a denial of service attack.

Matrix developers report: "Push rules" can specify conditions under which they will match, including event_match, which matches event content against a pattern including wildcards. Certain patterns can cause very poor performance in the matching engine, leading to a denial-of-service when processi...

5.3 CVSS · 3.3 AI score · 0.01647 EPSS
Exploits 0 · References 1

Veracode
added 2021/05/08 3:21 p.m. · 38 views

Arbitrary Code Execution

libxml2 is vulnerable to arbitrary code execution. A use-after-free occurs in xmllint when --html and --push options are used, allowing an attacker to execute arbitrary code on the host OS by submitting malicious files...

7.8 CVSS · 4.8 AI score · 0.0199 EPSS
Exploits 1 · References 12 · Affected Software 17

GithubExploit
added 2021/05/07 4:48 p.m. · 219 views

Exploit for Use After Free in Google Android

CVE-2019-2215 CVE-2019-2215 POC for kernel 3.18 Based on Madd...

7.8 CVSS · 7.4 AI score · 0.72105 EPSS
Exploits 26

BDU FSTEC
added 2021/04/27 12:0 a.m. · 1 views

The vulnerability of the deferred_auth function in OpenVPN software allows a hacker to force the server to send the PUSH_REPLY message with VPN configuration details before sending the AUTH_FAILED message.

The vulnerability of the deferred_auth function in OpenVPN software relates to bypassing authentication due to a fundamental error. Exploiting this vulnerability allows a remote attacker to force the server to send a PUSH_REPLY message containing VPN configuration details before sending the...

5.3 CVSS · 6.9 AI score · 0.05107 EPSS
Exploits 0 · References 13 · Affected Software 4

Positive Technologies
added 2021/04/22 12:0 a.m. · 2 views

PT-2021-2690 · Openvpn +5

Name of the Vulnerable Software and Affected Versions: OpenVPN versions 2.5.1 and earlier Description: The issue allows a remote attacker to bypass authentication and access control channel data on servers configured with deferred authentication. This can potentially be used to trigger further...

9.8 CVSS · 7.8 AI score · 0.05539 EPSS
Exploits 4 · References 83

0day.today
added 2021/04/16 12:0 a.m. · 23 views

Linux/x86 - execve(/bin/sh) Shellcode (17 bytes)

Linux/x86 - execve/bin/sh Shellcode 17 bytes Author: s1ege Tested on: i686 GNU/Linux Shellcode length: 17 / ; nasm -felf32 shellcode.asm && ld -melfi386 shellcode.o -o shellcode section .text global start start: push 0x0b pop eax push 0x0068732f push 0x6e69622f mov ebx, esp int 0x80 / include...

0.2 AI score
Exploits 0

Veracode
added 2021/04/13 3:33 p.m. · 27 views

Open Redirect

matrix-synapse is vulnerable to open redirect. The requests to the user provided domains are allowed to external IP addresses while using transitional IPv6 addresses, affecting outbound requests to federation, identity servers, when calculating the key validity for third-party invite events,...

6.3 CVSS · 2.8 AI score · 0.00894 EPSS
Exploits 0 · References 8 · Affected Software 2

vulnersOsv
added 2021/04/13 3:25 p.m. · 7 views

diversion (>=0.2.0 <=0.4.6), push-it (>=0.1.0 <=0.1.4) +1 more potentially affected by CVE-2020-8823 via sockjs (>=0.0.4 <=0.2.1)

sockjs NPM version =0.0.4, =0.2.0, =0.1.0, =0.0.0pre3, =0.0.0pre31 Source cves: CVE-2020-8823 Source advisory: OSV:GHSA-HH8V-JMH3-9437...

6.1 CVSS · 6.3 AI score · 0.0184 EPSS
Exploits 1

Github Security Blog
added 2021/04/13 3:13 p.m. · 27 views

Open redirect via transitional IPv6 addresses on dual-stack networks

Impact Requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, identity servers, when calculating the key validity for third-party invite events, sending push notifications, and generating URL...

6.3 CVSS · 2.1 AI score · 0.00894 EPSS
Exploits 0 · References 8 · Affected Software 1

OSV
added 2021/04/12 10:15 p.m. · 2 views

DEBIAN-CVE-2021-21392

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...

6.3 CVSS · 6.7 AI score · 0.00894 EPSS
Exploits 0 · References 1

OSV
added 2021/04/12 10:15 p.m. · 20 views

CVE-2021-21392

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...

6.3 CVSS · 6.3 AI score
Exploits 0 · References 4

PyPA
added 2021/04/12 10:15 p.m. · 3 views

PYSEC-2021-25

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...

6.3 CVSS · 6.7 AI score · 0.00894 EPSS
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2021/04/12 12:0 a.m. · 14 views

Apache Synapse input validation error vulnerability

Apache Synapse is a lightweight ESB Enterprise Service Bus from the Apache Foundation USA. A security vulnerability existed prior to Synapse version 1.28.0, which stemmed from the fact that requests to user-provided domains were not limited to external IP addresses when Synapse used transitional...

6.3 CVSS · 6.4 AI score · 0.00894 EPSS
Exploits 0 · References 5

Akamai Blog
added 2021/03/17 2:0 p.m. · 44 views

Phish-Proof Multi-Factor Authentication with Akamai MFA

Today, Akamai announced Akamai MFA, a phish-proof multi-factor authentication MFA service for the workforce that delivers all of the security benefits of FIDO2 with the frictionless end-user experience of a mobile push on a smartphone. Why has Akamai introduced this new service? When an employee...

0.1 AI score
Exploits 0