Search CVE reports


21 – 30 of 34 results


CVE-2021-21333

Low priority
Needs evaluation

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for...

1 affected packages

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Not affected Not affected Needs evaluation Needs evaluation Not in release

CVE-2021-21332

Medium priority
Needs evaluation

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served...

1 affected packages

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Not affected Not affected Needs evaluation Needs evaluation Not in release

CVE-2021-21274

Medium priority
Needs evaluation

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could...

1 affected packages

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Not affected Not affected Needs evaluation Needs evaluation Not in release

CVE-2021-21273

Medium priority
Needs evaluation

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains...

1 affected packages

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Not affected Not affected Needs evaluation Needs evaluation Not in release

CVE-2020-26257

Medium priority
Needs evaluation

Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying...

1 affected packages

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Not affected Needs evaluation Needs evaluation Needs evaluation Not in release

CVE-2020-26890

Medium priority
Needs evaluation

Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and...

1 affected packages

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Not affected Not affected Needs evaluation Needs evaluation Not in release

CVE-2020-26891

Medium priority
Needs evaluation

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying...

1 affected packages

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Not affected Needs evaluation Needs evaluation Needs evaluation Not in release

CVE-2019-18835

Medium priority
Fixed

Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.

1 affected packages

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Not affected Not affected Fixed Not in release

CVE-2019-11842

Medium priority

Some fixes available 1 of 3

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.

1 affected packages

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Not affected Not affected Fixed Not in release

CVE-2019-5885

Medium priority

Some fixes available 1 of 2

Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users.

1 affected packages

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Not affected Not affected Fixed Not in release