
4583 matches found

OSV
added 2024/12/03 6:44 p.m. · 14 views

GHSA-56W4-5538-8V8H Synapse Matrix has a partial room state leak via Sliding Sync

Impact: The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. Patches: Synapse version 1.120.1 fixes the problem. Workarounds: Disable Sliding Sync. References...

CVSS 4.3 · AI score 4.5 · EPSS 0.00134
Exploits: 0 · References: 4
Snyk
added 2024/12/03 6:42 p.m. · 1 views

Improper Input Validation

Overview: matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Improper Input Validation via invite messages. An attacker can disrupt the /sync functionality by sending a specially crafted invite over federation. Workarou...

CVSS 8.7 · AI score 6.5 · EPSS 0.00353
Exploits: 0 · References: 2
OSV
added 2024/12/03 6:42 p.m. · 15 views

GHSA-F3R3-H2MQ-HX2H Synapse allows a malformed invite to break the invitee's `/sync`

Impact: Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Patches: Synapse 1.120.1 rejects such invalid invites received ov...

CVSS 8.7 · AI score 4.9 · EPSS 0.00353
Exploits: 0 · References: 3
GitHub Security Blog
added 2024/12/03 6:42 p.m. · 19 views

Synapse allows a malformed invite to break the invitee's `/sync`

Impact: Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Patches: Synapse 1.120.1 rejects such invalid invites received ov...

CVSS 8.7 · AI score 6.6 · EPSS 0.00353
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2024/12/03 5:15 p.m. · 2 views

DEBIAN-CVE-2024-52815

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...

CVSS 5.3 · AI score 6.8 · EPSS 0.00353
Exploits: 0 · References: 1
NVD
added 2024/12/03 5:15 p.m. · 16 views

CVE-2024-53867

Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1...

CVSS 4.3 · EPSS 0.00134
Exploits: 0 · References: 2
OSV
added 2024/12/03 5:15 p.m. · 2 views

DEBIAN-CVE-2024-53867

Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1...

CVSS 4.3 · AI score 6.6 · EPSS 0.00134
Exploits: 0 · References: 1
OSV
added 2024/12/03 5:15 p.m. · 2 views

UBUNTU-CVE-2024-52815

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...

CVSS 8.7 · AI score 5.8 · EPSS 0.00353
Exploits: 0 · References: 3
OSV
added 2024/12/03 5:15 p.m. · 0 views

UBUNTU-CVE-2024-53867

Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1...

CVSS 4.3 · AI score 5.8 · EPSS 0.00134
Exploits: 0 · References: 4
OSV
added 2024/12/03 4:58 p.m. · 10 views

CVE-2024-52815 Synapse allows a malformed invite to break the invitee's `/sync`

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...

CVSS 8.7 · AI score 6.2 · EPSS 0.00353
Exploits: 0 · References: 3
AlpineLinux
added 2024/12/03 4:58 p.m. · 18 views

CVE-2024-52815

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...

CVSS 8.7 · AI score 7.1 · EPSS 0.00353
Exploits: 0
Cvelist
added 2024/12/03 4:58 p.m. · 13 views

CVE-2024-52815 Synapse allows a malformed invite to break the invitee's `/sync`

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...

CVSS 8.7 · EPSS 0.00353
Exploits: 0 · References: 1
OSV
added 2024/12/03 4:52 p.m. · 10 views

CVE-2024-53867 Synapse Matrix has a partial room state leak via Sliding Sync

Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1...

CVSS 4.3 · AI score 6 · EPSS 0.00134
Exploits: 0 · References: 4
CVE
added 2024/12/03 4:52 p.m. · 65 views

CVE-2024-53867

Synapse (Matrix homeserver) Sliding Sync flaw affects versions 1.113.0rc1 through 1.120.0, leaking partial room state changes to users who left the room. Non-state events (e.g., messages) are not affected. The issue is fixed in 1.120.1. Affected CVE: CVE-2024-53867. No exploitation details are pr...

CVSS 4.3 · AI score 4.3 · EPSS 0.00134
Exploits: 0 · References: 2
Debian CVE
added 2024/12/03 4:52 p.m. · 10 views

CVE-2024-53867

Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1...

CVSS 4.3 · AI score 6.4 · EPSS 0.00134
Exploits: 0
Vulnrichment
added 2024/12/03 4:52 p.m. · 12 views

CVE-2024-53867 Synapse Matrix has a partial room state leak via Sliding Sync

Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1...

CVSS 4.3 · AI score 6.5 · EPSS 0.00134
Exploits: 0 · References: 2
AlpineLinux
added 2024/12/03 4:52 p.m. · 22 views

CVE-2024-53867

Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1...

CVSS 4.3 · AI score 6.9 · EPSS 0.00134
Exploits: 0
Cvelist
added 2024/12/03 4:52 p.m. · 22 views

CVE-2024-53867 Synapse Matrix has a partial room state leak via Sliding Sync

Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1...

CVSS 4.3 · EPSS 0.00134
Exploits: 0 · References: 2
Positive Technologies
added 2024/12/03 12:0 a.m. · 2 views

PT-2024-35965 · Synapse · Synapse

Name of the Vulnerable Software and Affected Versions: Synapse versions 1.113.0rc1 through 1.120.0 Description: The Sliding Sync feature in Synapse can leak partial room state changes to users who are no longer in a room. This issue does not affect non-state events, such as messages...

CVSS 8.7 · AI score 6.4 · EPSS 0.01089
Exploits: 0 · References: 20
CNNVD
added 2024/12/03 12:0 a.m. · 1 views

Element Synapse Security Vulnerability

Element Synapse is an open source Matrix Home Server implementation from Element Open Source. A security vulnerability exists in Element Synapse that stems from the Sliding Sync feature that may leak some room state changes to users who are no longer in the room...

CVSS 4.3 · AI score 6.3 · EPSS 0.00134
Exploits: 0 · References: 3