Filtered by vendor Matrix
Total: 68 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2019-11340 | 1 Matrix | 1 Sydent | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM | util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on user@bad.example.net@good.example.com returns the user@bad.example.net substring. |
CVE-2019-5885 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users. |
CVE-2019-11842 | 1 Matrix | 2 Sydent, Synapse | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID. |
CVE-2018-16515 | 2 Debian, Matrix | 2 Debian Linux, Synapse | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH | Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation. |
CVE-2018-10657 | 1 Matrix | 1 Synapse | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018. |
CVE-2018-12291 | 1 Matrix | 1 Synapse | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly. |
CVE-2018-12423 | 1 Matrix | 1 Synapse | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH | In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force. |
CVE-2004-2089 | 1 Matrix | 1 Matrix Ftp Server | 2023-12-10 | 5.0 MEDIUM | N/A | Matrix FTP Server allows remote attackers to cause a denial of service (crash) by logging in using four spaces as the username and password and then issuing a LIST command. |