Lucene search
K

1191 matches found

Snyk
Snyk
added 2026/05/14 4:18 p.m.14 views

Asymmetric Resource Consumption (Amplification)

Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification through the handling of authenticated user requests. An attacker can exhaust CPU resources and cause service...

7.1CVSS5.8AI score0.00128EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/14 4:18 p.m.8 views

raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2026-45078 via matrix-synapse (=0.33.9)

matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden =0.100.2, =0.100.3rc1 Source cves: CVE-2026-45078 Source advisory: OSV:GHSA-8Q93-326V-3M7G...

6.8CVSS5.8AI score0.00128EPSS
Exploits0
OSV
OSV
added 2026/05/14 4:18 p.m.9 views

GHSA-8Q93-326V-3M7G Synapse CPU starvation (Denial of Service)

Impact Local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. Homeservers that trust all their local users are not at risk. Patches Update to Synapse 1.152.1 or later. Workarounds If Synapse is...

7.1CVSS5.8AI score0.00128EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/14 4:18 p.m.21 views

Synapse CPU starvation (Denial of Service)

Impact Local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. Homeservers that trust all their local users are not at risk. Patches Update to Synapse 1.152.1 or later. Workarounds If Synapse is...

6.8CVSS5.8AI score0.00128EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.16 views

PT-2026-41159

Name of the Vulnerable Software and Affected Versions Synapse versions prior to 1.152.1 Description Local authenticated users can cause the system to starve other requests of CPU resources, leading to request failures and a denial of service for other users. Homeservers that trust all their local...

7.1CVSS5.8AI score0.00128EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.19 views

PT-2026-41158

Name of the Vulnerable Software and Affected Versions Synapse versions prior to 1.152.1 Description In federated rooms, malicious homeservers can craft room events that prevent the server from providing full history to paginating clients. This can result in clients failing to display the room...

6.9CVSS5.8AI score0.00369EPSS
Exploits0References10
Chainguard
Chainguard
added 2026/04/17 1:17 a.m.8 views

CVE-2026-40347 vulnerabilities

Vulnerabilities for packages: tritonserver-backend-vllm-cuda-13.0, wazuh-manager, synapse, kserve, semgrep, airflow, vllm-openai-cuda-12.9, keep-fips, airflow-core, litellm, tritonserver-backend-vllm-cuda-12.9, keep, wazuh-manager-fips...

5.3CVSS5.9AI score0.00351EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/17 1:17 a.m.6 views

GHSA-MJ87-HWQH-73PJ vulnerabilities

Vulnerabilities for packages: tritonserver-backend-vllm-cuda-13.0, wazuh-manager, synapse, kserve, semgrep, airflow, vllm-openai-cuda-12.9, keep-fips, airflow-core, litellm, tritonserver-backend-vllm-cuda-12.9, keep, wazuh-manager-fips...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.3 views

Fedora 43 : matrix-synapse / rust-pythonize (2026-151bfcc2af)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-151bfcc2af advisory. Update matrix-synapse to v1.147.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

5.9AI score
Exploits0References1
OpenVAS
OpenVAS
added 2026/03/10 12:0 a.m.2 views

Fedora: Security Advisory (FEDORA-2026-151bfcc2af)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/02/13 12:0 a.m.3 views

OPENSUSE-SU-2026:10196-1 matrix-synapse-1.147.1-1.1 on GA media

These are all security issues fixed in the matrix-synapse-1.147.1-1.1 package on the GA media of openSUSE Tumbleweed...

9.2CVSS5.8AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:9 a.m.9 views

CVE-2019-11842

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...

7.5CVSS6.9AI score0.0178EPSS
Exploits0References1
Snyk
Snyk
added 2025/11/05 7:46 p.m.3 views

Arbitrary Code Injection

Overview org.apache.synapse:synapse-extensions is an Apache Synapse - Extensions Affected versions of this package are vulnerable to Arbitrary Code Injection due to a lack of controls on the GraalJS and NashornJS Script Mediator engines. An attacker can execute arbitrary code with elevated...

9.3CVSS8.1AI score0.00429EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/05 7:46 p.m.4 views

Arbitrary Code Injection

Overview org.apache.synapse:synapse-core is an Apache Synapse - Core Affected versions of this package are vulnerable to Arbitrary Code Injection due to a lack of controls on the GraalJS and NashornJS Script Mediator engines. An attacker can execute arbitrary code with elevated privileges by...

9.3CVSS8.1AI score0.00429EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/29 9:30 p.m.7 views

EUVD-2025-36710

Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in...

7.8CVSS6.9AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/29 9:30 p.m.6 views

EUVD-2025-36709

Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target...

7.8CVSS6.9AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/29 9:30 p.m.5 views

EUVD-2025-36711

Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in ord...

7.8CVSS6.9AI score0.00175EPSS
Exploits0References2
NVD
NVD
added 2025/10/29 8:15 p.m.11 views

CVE-2025-9871

Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in...

7.8CVSS0.00175EPSS
Exploits0References1
NVD
NVD
added 2025/10/29 8:15 p.m.7 views

CVE-2025-9870

Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target...

7.8CVSS0.00175EPSS
Exploits0References1
OSV
OSV
added 2025/10/29 8:15 p.m.4 views

CVE-2025-9870

Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target...

7.8CVSS6.2AI score0.00175EPSS
Exploits0References1
Rows per page
Query Builder