UBUNTU-CVE-2024-52815
Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...
UBUNTU-CVE-2024-53867
Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1...
CVE-2024-52815 Synapse allows a malformed invite to break the invitee's `/sync`
Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...
CVE-2024-52815
Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...
CVE-2024-53867 Synapse Matrix has a partial room state leak via Sliding Sync
Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1...
CVE-2024-53867
Synapse (Matrix homeserver) Sliding Sync flaw affects versions 1.113.0rc1 through 1.120.0, leaking partial room state changes to users who left the room. Non-state events (e.g., messages) are not affected. The issue is fixed in 1.120.1. Affected CVE: CVE-2024-53867. No exploitation details are pr...
CVE-2024-53867 Synapse Matrix has a partial room state leak via Sliding Sync
Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1...
CVE-2024-53867
Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1...
Element Synapse security vulnerability
Element Synapse is an open source Matrix Home Server implementation from Element Open Source. A security vulnerability exists in Element Synapse that stems from the Sliding Sync feature that may leak some room state changes to users who are no longer in the room...
PT-2024-35965 · Synapse · Synapse
Name of the Vulnerable Software and Affected Versions: Synapse versions 1.113.0rc1 through 1.120.0 Description: The Sliding Sync feature in Synapse can leak partial room state changes to users who are no longer in a room. This issue does not affect non-state events, such as messages...
WordPress Captivate Sync plugin <= 2.0.22 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by theviper17 (Patchstack Alliance) in WordPress Plugin Captivate Sync versions <= 2.0.22...
OPENSUSE-SU-2024:0382-1 Security update for cobbler
This update for cobbler fixes the following issues: Update to 3.3.7: Security: Fix issue that allowed anyone to connect to the API as admin CVE-2024-47533, boo1231332 bind - Fix bug that prevents cname entries from being generated successfully Fix build on RHEL9 based distributions fence-agents-a...
Security update for cobbler (important)
openSUSE Security Update: Security update for cobbler Announcement ID: openSUSE-SU-2024:0382-1 Rating: important References: 1203478 1204900 1205489 1205749 1206060 1206160 1206520 1207595 1209149 1219933 1231332 Cross-References: CVE-2024-47533 CVSS scores: CVE-2024-47533 SUSE: 9.8...
MAL-2024-11108 Malicious code in sync-ghes-actions (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6392f0dcc6aab8ef4f6f380e3278d8b439e146ff540bd1c9e5b445a71ee577cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
kernel: mptcp: pm: Fix uaf in __timer_delete_sync
A use-after-free flaw was found in the Linux kernel's Multipath TCP (MPTCP) subsystem. This flaw allows a local user to crash or potentially escalate their privileges on the system...
OPENSUSE-SU-2024:0370-1 Security update for cobbler
This update for cobbler fixes the following issues: Update to 3.3.7 Security: Fix issue that allowed anyone to connect to the API as admin CVE-2024-47533, boo1231332 bind - Fix bug that prevents cname entries from being generated successfully Fix build on RHEL9 based distributions fence-agents-al...
Security update for cobbler (critical)
openSUSE Security Update: Security update for cobbler Announcement ID: openSUSE-SU-2024:0370-1 Rating: critical References: 1231332 Cross-References: CVE-2024-47533 CVSS scores: CVE-2024-47533 SUSE: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP6 ...