Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synapse vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-10657
Matrix Synapse prior to 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018.
Matrix Synapse
9.8
CVSSv3
CVE-2017-15708
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted...
Apache Synapse 3.0.0
Apache Synapse 2.1.0
Apache Synapse 2.0.0
Apache Synapse 1.2
Apache Synapse 1.1.2
Apache Synapse 1.1.1
Apache Synapse 1.0
Apache Synapse 1.1
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Financial Services Market Risk Measurement And Management 8.0.6
Oracle Financial Services Market Risk Measurement And Management 8.0.8
2 Github repositories
7.8
CVSSv3
CVE-2017-14398
rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to \Device\PhysicalMemory, IOCTL 0x22A064, and ZwMapViewOfSection.
Razer Synapse 2.20.15.1104
7.8
CVSSv3
CVE-2017-11653
Razer Synapse 2.20.15.1104 and previous versions uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file.
Razer Synapse
8.4
CVSSv3
CVE-2017-11652
Razer Synapse 2.20.15.1104 and previous versions uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file.
Razer Synapse
5.5
CVSSv3
CVE-2017-9770
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse that can cause an out of bounds read operation to occur due to a field within the IOCTL data being used as a length.
Razerzone Razer Synapse
9.8
CVSSv3
CVE-2017-9769
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.
Razer Synapse 2.20.15.1104
1 EDB exploit
1 Github repository
NA
CVE-2014-7787
The iShuttle (aka com.synapse.ishuttle_user) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Synapse Ishuttle 1
NA
CVE-2010-3743
Directory traversal vulnerability in Visual Synapse HTTP Server 1.0 RC1 through RC3, and 0.60 and previous versions, allows remote malicious users to read arbitrary files via a .. (dot dot) in the URI.
Rene Tegel Visual Synapse
Rene Tegel Visual Synapse 0.50
Rene Tegel Visual Synapse 1.0
NA
CVE-2010-1632
Apache Axis2 prior to 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 up to and including 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 up to and including 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geroni...
Apache Axis2 1.4
Apache Axis2 1.3
Apache Axis2 1.4.1
Apache Axis2 1.5
Apache Axis2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5