Filter
-Infinity
0
FedoraSynapse vulnerable to leak of remote user device information
5.3
First published (updated )
Matrix SynapseSynapse Outgoing federation to specific hosts can be disabled by sending malicious invites
First published (updated )
Matrix SynapseSynapse Denial of service due to incorrect application of event authorization rules during state resolution
6.5
First published (updated )
Matrix SynapseSynapse does not apply enough checks to servers requesting auth events of events in a room
First published (updated )
Matrix SynapseImproper checks for deactivated users during login in synapse
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Matrix SynapseURL deny list bypass via oEmbed and image URLs when generating previews in Synapse
5.4
First published (updated )
FedoraMatrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, us…
7.5
First published (updated )
pip/matrix-synapseDenial of service in Matrix Synapse
5.3
First published (updated )
FedoraTemporary storage of plaintext passwords during password changes in matrix synapse
3.7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
pip/matrix-synapseDenial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
6.5
First published (updated )
pip/matrix-synapseHTML injection in email and account expiry notifications
6.1
First published (updated )
pip/matrix-synapseCross-site scripting (XSS) vulnerability in the password reset endpoint
8.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
FedoraURL previews can crash Synapse media repositories or Synapse monoliths
6.5
First published (updated )
pip/matrix-synapseOpen redirect via transitional IPv6 addresses on dual-stack networks
6.3
First published (updated )
Matrix SynapseSynapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules
7.5
First published (updated )
pip/matrix-synapseDenial of service attack via .well-known lookups
6.5
First published (updated )
pip/matrix-synapseDenial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
FedoraImproper validation of receipts allows forged read receipts in matrix synapse
4.3
First published (updated )
FedoraDenial of service attack via incorrect parameters to federation APIs
6.5
First published (updated )
Fedoramatrix-synapse vulnerable to denial of service due to malicious server ACL events
4.9
First published (updated )
pip/matrix-synapseMatrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over …
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
FedoraAdding a private/unlisted room to a community exposes room metadata in an unauthorised manner.
3.5
First published (updated )
FedoraImproper authorisation of /members discloses room membership to non-members
3.5
First published (updated )
pip/matrix-synapseOpen redirects on some federation and push requests
6.1
First published (updated )
Matrix SynapseThe on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a s…
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.