Filter
pip/matrix-synapseMatrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over …
9.8
First published (updated )
pip/matrix-synapseMatrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified…
8.8
First published (updated )
Matrix SynapseCross-site scripting (XSS) vulnerability in the password reset endpoint
8.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Fedoraproject FedoraMatrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, us…
7.5
First published (updated )
Matrix SynapseIn Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels e…
7.5
First published (updated )
Matrix SynapseThe on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a s…
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Matrix SynapseSynapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules
7.5
First published (updated )
Matrix SynapseSynapse Denial of service due to incorrect application of event authorization rules during state resolution
6.5
First published (updated )
Fedoraproject FedoraDenial of service attack via incorrect parameters to federation APIs
6.5
First published (updated )
Matrix SynapseDenial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
6.5
First published (updated )
Matrix SynapseDenial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Matrix SynapseDenial of service attack via .well-known lookups
6.5
First published (updated )
Fedoraproject FedoraURL previews can crash Synapse media repositories or Synapse monoliths
6.5
First published (updated )
Matrix SynapseUncontrolled Resource Consumption in Matrix Synapse
6.5
First published (updated )
Matrix SynapseOpen redirect via transitional IPv6 addresses on dual-stack networks
6.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Matrix SynapseHTML injection in email and account expiry notifications
6.1
First published (updated )
Matrix SynapseOpen redirects on some federation and push requests
6.1
First published (updated )
Matrix SynapseURL deny list bypass via oEmbed and image URLs when generating previews in Synapse
5.4
First published (updated )
Matrix SynapseImproper checks for deactivated users during login in synapse
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Fedoraproject FedoraSynapse vulnerable to leak of remote user device information
5.3
First published (updated )
Matrix SynapseSynapse does not apply enough checks to servers requesting auth events of events in a room
First published (updated )
Fedoraproject Fedoramatrix-synapse vulnerable to denial of service due to malicious server ACL events
4.9
First published (updated )
Fedoraproject FedoraImproper validation of receipts allows forged read receipts in matrix synapse
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.