Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

OSV
OSVadded 2022/09/15 3:28 a.m.12 views

GHSA-PFW4-XJGM-267C Dendrite signature checks not applied to some retrieved missing events

Impact Events retrieved from a remote homeserver using /getmissingevents did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this endpoint. Note that this does not apply to events retrieved through...

7.3CVSS6AI score0.00108EPSS
Exploits0References4
NVD
NVDadded 2022/09/12 8:15 p.m.11 views

CVE-2022-39200

Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...

7.3CVSS0.00108EPSS
Exploits0References2
OSV
OSVadded 2022/09/12 8:10 p.m.17 views

CVE-2022-39200 Signature checks not applied to some retrieved missing events

Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...

7.3CVSS6.1AI score0.00108EPSS
Exploits0References4
Cvelist
Cvelistadded 2022/09/12 8:10 p.m.14 views

CVE-2022-39200 Signature checks not applied to some retrieved missing events

Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...

7.3CVSS7.4AI score0.00108EPSS
Exploits0References2
CVE
CVEadded 2022/09/12 8:10 p.m.89 views

CVE-2022-39200

Dendrite (Matrix homeserver, Go) had a vulnerability where events fetched from a remote server via /get_missing_events were not verified for signatures. This could allow a remote homeserver to provide invalid/modified events to Dendrite through that endpoint. Other endpoints such as /event or /st...

7.3CVSS6.1AI score0.00108EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessusadded 2022/09/12 12:0 a.m.17 views

FreeBSD : dendrite -- Signature checks not applied to some retrieved missing events (4ebaa983-3299-11ed-95f8-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4ebaa983-3299-11ed-95f8-901b0e9408dc advisory. - Dendrite team reports: Events retrieved from a remote homeserver using /getmissingevents did not have...

5.7AI score
Exploits0References2
Rows per page
Query Builder