Search CVE reports


Toggle filters

1 – 10 of 40 results


CVE-2024-53867

Medium priority
Needs evaluation

Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages,...

1 affected package

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-53863

Medium priority
Needs evaluation

Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon...

1 affected package

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-52815

Medium priority
Needs evaluation

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts...

1 affected package

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-52805

Medium priority
Needs evaluation

Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which...

1 affected package

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-37303

Medium priority
Needs evaluation

Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media...

1 affected package

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-37302

Medium priority
Needs evaluation

Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media....

1 affected package

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-31208

Medium priority
Needs evaluation

Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution...

2 affected packages

matrix-synapse, synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Needs evaluation Needs evaluation Needs evaluation Needs evaluation
synapse Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-43796

Medium priority
Needs evaluation

Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver....

1 affected package

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
Show less packages

CVE-2023-45129

Medium priority
Needs evaluation

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent...

1 affected package

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
Show less packages

CVE-2023-42453

Medium priority
Needs evaluation

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to...

1 affected package

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
Show less packages