Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synapse vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-21393
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm...
Matrix Synapse
Fedoraproject Fedora 34
5.3
CVSSv3
CVE-2021-29471
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including `e...
Matrix Synapse
Fedoraproject Fedora 34
8.8
CVSSv3
CVE-2018-16515
Matrix Synapse prior to 0.33.3.1 allows remote malicious users to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
Matrix Synapse
Debian Debian Linux 8.0
6.5
CVSSv3
CVE-2022-31052
Synapse is an open source home server implementation for the Matrix chat network. In versions before 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error...
Matrix Synapse
Fedoraproject Fedora 35
Fedoraproject Fedora 36
4.9
CVSSv3
CVE-2023-45129
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed fede...
Matrix Synapse
Fedoraproject Fedora 37
Fedoraproject Fedora 38
4.3
CVSSv3
CVE-2023-42453
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This co...
Matrix Synapse
Fedoraproject Fedora 37
Fedoraproject Fedora 38
3.7
CVSSv3
CVE-2023-41335
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already lea...
Matrix Synapse
Fedoraproject Fedora 37
Fedoraproject Fedora 38
5.3
CVSSv3
CVE-2023-43796
Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Syna...
Matrix Synapse
Fedoraproject Fedora 38
Fedoraproject Fedora 39
7.5
CVSSv3
CVE-2021-41281
Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the aff...
Matrix Synapse
Fedoraproject Fedora 34
Fedoraproject Fedora 35
7.5
CVSSv3
CVE-2019-5885
Matrix Synapse prior to 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote malicious users to impersonate users.
Matrix Synapse
Fedoraproject Fedora 28
Fedoraproject Fedora 29
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »