Search CVE reports
1 – 10 of 40 results
CVE-2024-53867
Medium priority
Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages,...
1 affected package
matrix-synapse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
matrix-synapse | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-53863
Medium priority
Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon...
1 affected package
matrix-synapse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
matrix-synapse | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-52815
Medium priority
Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts...
1 affected package
matrix-synapse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
matrix-synapse | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-52805
Medium priority
Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which...
1 affected package
matrix-synapse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
matrix-synapse | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-37303
Medium priority
Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media...
1 affected package
matrix-synapse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
matrix-synapse | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-37302
Medium priority
Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media....
1 affected package
matrix-synapse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
matrix-synapse | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-31208
Medium priority
Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution...
2 affected packages
matrix-synapse, synapse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
matrix-synapse | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
synapse | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-43796
Medium priority
Synapse is an open-source Matrix homeserver. Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver....
1 affected package
matrix-synapse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
matrix-synapse | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2023-45129
Medium priority
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent...
1 affected package
matrix-synapse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
matrix-synapse | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2023-42453
Medium priority
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to...
1 affected package
matrix-synapse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
matrix-synapse | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |