CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37303 – Synapse unauthenticated writes to the media repository allow planting of problematic content
https://notcve.org/view.php?id=CVE-2024-37303
03 Dec 2024 — Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. Synapse 1.106 introduces a p... • https://github.com/element-hq/synapse/security/advisories/GHSA-gjgr-7834-rhxr • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37302 – Synapse denial of service through media disk space consumption
https://notcve.org/view.php?id=CVE-2024-37302
03 Dec 2024 — Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging from further media uploads/downloads failing to completely unavailability of the Synapse process, depending on how Synapse was deployed. Synapse 1.106 introduces a new "leaky bucke... • https://github.com/element-hq/synapse/security/advisories/GHSA-4mhg-xv73-xq2x • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52805 – Synapse allows unsupported content types to lead to memory exhaustion
https://notcve.org/view.php?id=CVE-2024-52805
03 Dec 2024 — Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type. • https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52815 – Synapse allows a a malformed invite to break the invitee's `/sync`
https://notcve.org/view.php?id=CVE-2024-52815
03 Dec 2024 — Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects such invalid invites received over federation and restores the ability to sync for affected users. • https://github.com/element-hq/synapse/security/advisories/GHSA-f3r3-h2mq-hx2h • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53867 – Synapse Matrix has a partial room state leak via Sliding Sync
https://notcve.org/view.php?id=CVE-2024-53867
03 Dec 2024 — Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1. • https://github.com/element-hq/synapse/security/advisories/GHSA-56w4-5538-8v8h • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53863 – Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders
https://notcve.org/view.php?id=CVE-2024-53863
03 Dec 2024 — Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for processing. This significantly expands the attack surface in a historically vulnerable area, presenting a risk that far outweighs the benefit, particularly since these formats are rarely used on the open web or wit... • https://github.com/element-hq/synapse/security/advisories/GHSA-vp6v-whfm-rv3g • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54210 – WordPress Advanced Element Bucket Addons for Elementor plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54210
02 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexShaper Advanced Element Bucket Addons for Elementor allows Stored XSS.This issue affects Advanced Element Bucket Addons for Elementor: from n/a through 1.0.2. The Advanced Element Bucket Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for auth... • https://patchstack.com/database/wordpress/plugin/cs-element-bucket/vulnerability/wordpress-advanced-element-bucket-addons-for-elementor-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51750 – Element allows a malicious homeserver can modify events leading to unrenderable events or rooms
https://notcve.org/view.php?id=CVE-2024-51750
12 Nov 2024 — Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and Desktop 1.11.85. • https://github.com/element-hq/element-web/commit/231073c578d5f92b33cde7aa2b0b9c5836b2dc48 • CWE-248: Uncaught Exception •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51749 – Element's thumbnails can be abused to misrepresent the content of an attachment
https://notcve.org/view.php?id=CVE-2024-51749
12 Nov 2024 — Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in element-web 1.11.85. • https://github.com/element-hq/element-web/commit/a00c343435d633e64de2c0548217aa611c7bbef5 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51787 – WordPress ElementsReady Addons for Elementor plugin <= 6.4.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51787
04 Nov 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.3. The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi... • https://patchstack.com/database/vulnerability/element-ready-lite/wordpress-elementsready-addons-for-elementor-plugin-6-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •