matrix-org Synapse Vulnerabilities
Matrix-org Synapse vulnerabilities.
CVE | Vendor | Product | CVSS | Severity | Title
CVE-2023-43796 | Matrix-org | Synapse | 5.3 | MEDIUM | Synapse vulnerable to leak of remote user device information
CVE-2023-45129 | Matrix-org | Synapse | 4.9 | MEDIUM | matrix-synapse vulnerable to denial of service due to malicious server ACL events
CVE-2023-41335 | Matrix-org | Synapse | 3.7 | LOW | Temporary storage of plaintext passwords during password changes in matrix synapse
CVE-2023-42453 | Matrix-org | Synapse | 3.1 | LOW | Improper validation of receipts allows forged read receipts in matrix synapse
CVE-2023-32682 | Matrix-org | Synapse | 5.4 | MEDIUM | Improper checks for deactivated users during login in synapse
CVE-2023-32683 | Matrix-org | Synapse | 3.5 | LOW | URL deny list bypass via oEmbed and image URLs when generating previews in Synapse
CVE-2023-32323 | Matrix-org | Synapse | 4.3 | MEDIUM | Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites
CVE-2022-39374 | Matrix-org | Synapse | 6.5 | MEDIUM | Synapse Denial of service due to incorrect application of event authorization rules during state resolution
CVE-2022-39335 | Matrix-org | Synapse | 5 | MEDIUM | Synapse does not apply enough checks to servers requesting auth events of events in a room
CVE-2022-41952 | Matrix-org | Synapse | 6.5 | MEDIUM | Uncontrolled Resource Consumption in Matrix Synapse
CVE-2022-31152 | Matrix-org | Synapse | 6.4 | MEDIUM | Synapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules
CVE-2022-31052 | Matrix-org | Synapse | 6.5 | MEDIUM | URL previews can crash Synapse media repositories or Synapse monoliths
CVE-2021-41281 | Matrix-org | Synapse | 7.5 | HIGH | Path traversal in Matrix Synapse
CVE-2021-39164 | Matrix-org | Synapse | 3.1 | LOW | Improper authorisation of /members discloses room membership to non-members
CVE-2021-39163 | Matrix-org | Synapse | 3.1 | LOW | Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.
CVE-2021-29471 | Matrix-org | Synapse | 3.7 | LOW | Denial of service in Matrix Synapse
CVE-2021-21392 | Matrix-org | Synapse | 6.3 | MEDIUM | Open redirect via transitional IPv6 addresses on dual-stack networks
CVE-2021-21393 | Matrix-org | Synapse | 5.3 | MEDIUM | Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
CVE-2021-21394 | Matrix-org | Synapse | 5.3 | MEDIUM | Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints
CVE-2021-21333 | Matrix-org | Synapse | 6.1 | MEDIUM | HTML injection in email and account expiry notifications
CVE-2021-21332 | Matrix-org | Synapse | 6.9 | MEDIUM | Cross-site scripting (XSS) vulnerability in the password reset endpoint
CVE-2021-21273 | Matrix-org | Synapse | 3.1 | LOW | Open redirects on some federation and push requests
CVE-2021-21274 | Matrix-org | Synapse | 4.3 | MEDIUM | Denial of service attack via .well-known lookups
CVE-2020-26257 | Matrix-org | Synapse | 6.5 | MEDIUM | Denial of service attack via incorrect parameters to federation APIs
Published dates, newest first: 31 October 2023; 10 October 2023; 27 September 2023; 6 June 2023; 26 May 2023; 22 November 2022; 2 September 2022; 28 June 2022; 23 November 2021; 31 August 2021; 11 May 2021; 12 April 2021; 26 March 2021; 26 February 2021; 9 December 2020