2166 matches found
Design/Logic Flaw
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including eventmatch, which matches event...
PYSEC-2021-135
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including eventmatch, which matches event...
CVE-2021-29471
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including eventmatch, which matches event...
CVE-2021-29471
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including eventmatch, which matches event...
tomcat -- HTTP request smuggling in multiple versions
Bahruz Jabiyev, Steven Sprecher and Kaan Onarlioglu of NEU seclab reports: Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: Tomcat incorrectly ignored...
CVE-2021-29490
Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Forgery SSRF attacks via the imageUrl parameter. This issue potentially exposes both internal and...
Server side request forgery (ssrf)
Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Forgery SSRF attacks via the imageUrl parameter. This issue potentially exposes both internal and...
CVE-2021-29490 Unauthenticated GET requests through Remote Image endpoints
Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Forgery SSRF attacks via the imageUrl parameter. This issue potentially exposes both internal and...
golang: data race in certain net/http servers including ReverseProxy can lead to DoS
A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...
[SECURITY] Fedora 34 Update: nginx-1.20.0-2.fc34
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
[SECURITY] Fedora 33 Update: nginx-1.20.0-2.fc33
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
CVE-2021-29456
Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on SSO for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to an...
CVE-2021-29456
Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on SSO for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to an...
Authorization
Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on SSO for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to an...
CVE-2021-29456 Authelia allows open redirects on the logout endpoint
Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on SSO for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to an...
Reproxy - Simple Edge Server / Reverse Proxy
Reproxy is a simple edge HTTPs server / reverse proxy supporting various providers docker, static, file. One or more providers supply information about requested server, requested url, destination url and health check url. Distributed as a single binary or as a docker container. Automatic SSL...
Sydent vulnerable to denial of service attack via memory exhaustion
Impact Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to disk space exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers....
GHSA-WMG4-8CP2-HPG9 Sydent vulnerable to denial of service attack via memory exhaustion
Impact Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to disk space exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers....
SUSE: Security Advisory (SUSE-SU-2020:0661-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-29430
Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it...