Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synapse vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2021-39163
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where t...
Matrix Synapse
Fedoraproject Fedora 34
Fedoraproject Fedora 35
312
VMScore
CVE-2021-39164
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerability is limited to rooms w...
Matrix Synapse
Fedoraproject Fedora 34
Fedoraproject Fedora 35
445
VMScore
CVE-2019-5885
Matrix Synapse prior to 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote malicious users to impersonate users.
Matrix Synapse
Fedoraproject Fedora 28
Fedoraproject Fedora 29
445
VMScore
CVE-2020-26890
Matrix Synapse prior to 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote malicious users to execute a denial of service attack against the federation and common Matrix clients. If such a malformed ...
Matrix Synapse
Fedoraproject Fedora 32
Fedoraproject Fedora 33
NA
CVE-2024-31208
Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances prior to 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption ...
668
VMScore
CVE-2010-1632
Apache Axis2 prior to 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 up to and including 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 up to and including 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geroni...
Apache Axis2 1.4
Apache Axis2 1.3
Apache Axis2 1.4.1
Apache Axis2 1.5
Apache Axis2
587
VMScore
CVE-2019-13142
The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver\. The DACL on this folder allows any user to overwrite contents of fil...
Razer Surround 1.1.63.0
436
VMScore
CVE-2021-30493
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log infor...
436
VMScore
CVE-2021-30494
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log info...
NA
CVE-2022-36009
gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the `"events_default"` key of the `m.room.power_levels` even...
Matrix Dendrite
Matrix Gomatrixserverlib -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5