Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-6076-1
HistoryMay 16, 2023 - 12:00 a.m.

Synapse vulnerabilities

2023-05-1600:00:00
ubuntu.com
19
synapse
ubuntu
vulnerabilities
remote attacks
denial of service
hijack
session
spoofing
user impersonation
cve-2019-18835
cve-2018-12291
cve-2018-10657
cve-2019-11842
cve-2018-12423
cve-2019-5885
cve-2018-16515
python
twisted

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.2%

JSON

Releases

  • Ubuntu 18.04 ESM

Packages

  • matrix-synapse - Synapse: Matrix homeserver written in Python/Twisted.

Details

It was discovered that Synapse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2019-18835, CVE-2018-12291, CVE-2018-10657)

It was discovered that Synapse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to hijack the
session. (CVE-2019-11842, CVE-2018-12423)

It was discovered that Synapse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to perform
spoofing or user impersonation. (CVE-2019-5885, CVE-2018-16515)

OSVersionArchitecturePackageVersionFilename
Ubuntu18.04noarchmatrix-synapse< 0.24.0+dfsg-1ubuntu0.1~esm1UNKNOWN
Ubuntu18.04noarchmatrix-synapse< 0.24.0+dfsg-1UNKNOWN

Related

nessus 10
osv 18
openvas 8
fedora 7
github 7
nvd 7
prion 7
cvelist 7
debiancve 7
ubuntucve 7
cve 7
suse 1
veracode 1
archlinux 1
freebsd 1
nessus
nessus
Ubuntu 18.04 ESM : Synapse vulnerabilities (USN-6076-1)
2023-05-16 00:00:00
Fedora 28 : matrix-synapse (2018-f513267ac5)
2019-01-03 00:00:00
Fedora 29 : matrix-synapse (2018-be6e73f746)
2019-01-03 00:00:00
osv
osv
matrix-synapse vulnerabilities
2023-05-16 07:45:08
CVE-2019-18835
2019-11-08 00:15:10
CVE-2018-10657
2018-05-02 16:29:00
openvas
openvas
Ubuntu: Security Advisory (USN-6076-1)
2023-05-17 00:00:00
Fedora Update for matrix-synapse FEDORA-2018-6db422c637
2018-09-15 00:00:00
Fedora Update for matrix-synapse FEDORA-2019-c6044b3fce
2019-01-23 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: matrix-synapse-0.33.3.1-1.fc28
2018-09-14 23:14:22
[SECURITY] Fedora 28 Update: matrix-synapse-0.34.0.1-2.fc28
2019-01-23 01:46:10
[SECURITY] Fedora 28 Update: matrix-synapse-0.28.1-1.fc28
2018-05-15 20:06:46
github
github
Matrix Synapse Improper Signature Validation
2022-05-13 01:50:21
Improper Verification of Cryptographic Signature in matrix-synapse
2022-05-24 22:01:05
Matrix Synapse DoS
2022-05-14 03:20:03
nvd
nvd
CVE-2018-16515
2018-09-18 21:29:03
CVE-2018-12291
2018-06-13 14:29:00
CVE-2019-18835
2019-11-08 00:15:10
prion
prion
Design/Logic Flaw
2018-05-02 16:29:00
Input validation
2018-09-18 21:29:00
Code injection
2019-11-08 00:15:00
cvelist
cvelist
CVE-2018-10657
2022-10-03 16:22:15
CVE-2018-16515
2018-09-18 21:00:00
CVE-2019-18835
2019-11-07 23:12:07
debiancve
debiancve
CVE-2019-18835
2019-11-08 00:15:10
CVE-2018-16515
2018-09-18 21:29:03
CVE-2018-12291
2022-10-03 16:22:07
ubuntucve
ubuntucve
CVE-2018-16515
2018-09-18 00:00:00
CVE-2018-12291
2018-06-13 00:00:00
CVE-2019-18835
2019-11-08 00:00:00
cve
cve
CVE-2018-16515
2018-09-18 21:29:03
CVE-2019-18835
2019-11-08 00:15:10
CVE-2018-12291
2022-10-03 16:22:07
suse
suse
Security update for matrix-synapse (moderate)
2018-06-20 21:10:38
veracode
veracode
User Impersonation
2019-03-22 13:21:00
archlinux
archlinux
[ASA-201901-12] matrix-synapse: private key recovery
2019-01-24 00:00:00
freebsd
freebsd
py-matrix-synapse -- undisclosed vulnerability
2019-01-10 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.2%

JSON
Related for USN-6076-1
nessus10osv18openvas8fedora7github7nvd7prion7cvelist7debiancve7ubuntucve7cve7suse1veracode1archlinux1freebsd1