Search CVE reports



31 – 34 of 34 results


CVE-2018-16515

Medium priority

Some fixes available 1 of 2

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.

1 affected packages

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Not affected Not affected Fixed Not in release

CVE-2018-12423

Low priority

Some fixes available 1 of 2

In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force.

1 affected packages

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Not affected Not affected Fixed Not in release

CVE-2018-12291

Medium priority

Some fixes available 1 of 11

The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.

1 affected packages

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Needs evaluation Not affected Not affected Fixed Not in release

CVE-2018-10657

Medium priority

Some fixes available 11 of 12

Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the...

1 affected packages

matrix-synapse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
matrix-synapse Fixed Fixed Fixed Not in release