Vulmon
synapse vulnerabilities and exploits
6.5
CVSSv3
CVE-2020-26257
Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a `/...
Matrix Synapse
Fedoraproject Fedora 32
Fedoraproject Fedora 33
7.5
CVSSv3
CVE-2020-26890
Matrix Synapse prior to 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote malicious users to execute a denial of service attack against the federation and common Matrix clients. If such a malformed ...
Matrix Synapse
Fedoraproject Fedora 32
Fedoraproject Fedora 33
6.1
CVSSv3
CVE-2020-26891
AuthRestServlet in Matrix Synapse prior to 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote malicious user to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to t...
Matrix Synapse
9.8
CVSSv3
CVE-2019-18835
Matrix Synapse prior to 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.
Matrix Synapse
5.5
CVSSv3
CVE-2019-13142
The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver\. The DACL on this folder allows any user to overwrite contents of fil...
Razer Surround 1.1.63.0
7.5
CVSSv3
CVE-2019-11842
An issue exists in Matrix Sydent prior to 1.0.3 and Synapse prior to 0.99.3.1. Random number generation is mishandled, which makes it easier for malicious users to predict a Sydent authentication token or a Synapse random ID.
Matrix Synapse
Matrix Sydent
7.5
CVSSv3
CVE-2019-5885
Matrix Synapse prior to 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote malicious users to impersonate users.
Matrix Synapse
Fedoraproject Fedora 28
Fedoraproject Fedora 29
8.8
CVSSv3
CVE-2018-16515
Matrix Synapse prior to 0.33.3.1 allows remote malicious users to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
Matrix Synapse
Debian Debian Linux 8.0
7.5
CVSSv3
CVE-2018-12423
In Synapse prior to 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force.
Matrix Synapse
7.5
CVSSv3
CVE-2018-12291
The on_get_missing_events function in handlers/federation.py in Matrix Synapse prior to 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.
Matrix Synapse