EUVD-2023-0134

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-41335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be...

Fedora 37 : matrix-synapse (2023-5d980e6aaf)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-5d980e6aaf advisory. Backport fixes for CVE-2023-41335, CVE-2023-42453 Tenable has extracted the preceding description block directly from the Fedora security advisory...

DEBIAN-CVE-2023-42453

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event if they knew the room ID and event ID. Note that the users were not able to view the events, but simply mark it as read. This could be confusing as...

DEBIAN-CVE-2023-41335

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as...

CVE-2023-41335

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as...

UBUNTU-CVE-2023-42453

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event if they knew the room ID and event ID. Note that the users were not able to view the events, but simply mark it as read. This could be confusing as...

CVE-2023-41335

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as...

UBUNTU-CVE-2023-41335

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as...

PYSEC-2023-185

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as...

Authentication flaw

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as...

CVE-2023-42453

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event if they knew the room ID and event ID. Note that the users were not able to view the events, but simply mark it as read. This could be confusing as...

PYSEC-2023-180

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event if they knew the room ID and event ID. Note that the users were not able to view the events, but simply mark it as read. This could be confusing as...

Design/Logic Flaw

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event if they knew the room ID and event ID. Note that the users were not able to view the events, but simply mark it as read. This could be confusing as...

CVE-2023-41335 Temporary storage of plaintext passwords during password changes in matrix synapse

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as...

PT-2023-28352 · Synapse +2 · Synapse +2

Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.93.0 Description: The issue allows users to forge read receipts for any event if they know the room ID and event ID. Although users cannot view the events, they can mark them as read, potentially causing confusion ...

PT-2023-27911 · Synapse +2 · Synapse +2

Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.93.0 Description: The issue concerns the temporary storage of user passwords in the server database when users update their credentials. Although this does not grant the server any additional capabilities, it...