CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26257 – Denial of service attack via incorrect parameters to federation APIs
https://notcve.org/view.php?id=CVE-2020-26257
09 Dec 2020 — Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a `/send_join`, `/send_leave`, `/invite` or `/exchange_third_party_invite` request. This can lead to a denial of service in which future events will not be correctly sent to other servers over federation. This affects any server which accepts fed... • https://github.com/matrix-org/synapse/blob/develop/CHANGES.md#synapse-1231-2020-12-09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2020-26890
https://notcve.org/view.php?id=CVE-2020-26890
24 Nov 2020 — Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the room's state, the impact is long-lasting and is not fixed by an upgrade to a newer version, requiring the event to be manually redacted instead. Since events are replicated to servers of other room members, the im... • https://github.com/matrix-org/synapse/security/advisories/GHSA-4mp3-385r-v63f • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26891
https://notcve.org/view.php?id=CVE-2020-26891
19 Oct 2020 — AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints. AuthRestServlet en Matrix Synapse versiones anteriores a 1.21.0 es vulnerable a XSS debido a la interpolación insegura del parámetr... • https://github.com/matrix-org/synapse/pull/8444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18835
https://notcve.org/view.php?id=CVE-2019-18835
07 Nov 2019 — Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers. Matrix Synapse versiones anteriores a 1.5.0, maneja inapropiadamente la comprobación de firmas en algunas API federation. Los eventos enviados mediante /send_join, /send_leave, y /invite pueden no estar firmados correctamente o no pueden provenir de los servidores esperados. • https://github.com/matrix-org/synapse/pull/6262 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.8EPSS: 25%CPEs: 12EXPL: 1CVE-2017-15708 – Gentoo Linux Security Advisory 202107-37
https://notcve.org/view.php?id=CVE-2017-15708
11 Dec 2017 — In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to tru... • https://github.com/HuSoul/CVE-2017-15708 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-11652 – Razer Synapse 2.20 DLL Hijacking
https://notcve.org/view.php?id=CVE-2017-11652
26 Jul 2017 — Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file. Razer Synapse 2.20.15.1104 y anteriores emplea permisos débiles para el directorio CrashReporter, lo que permite que usuarios locales obtengan privilegios mediante un archivo troyano dbghelp.dll. Razer Synapse versions 2.20.15.1104 and below suffer from multiple dll search order hijacking vulnerabilities. • https://packetstorm.news/files/id/143516 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-11653 – Razer Synapse 2.20 DLL Hijacking
https://notcve.org/view.php?id=CVE-2017-11653
26 Jul 2017 — Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file. Razer Synapse 2.20.15.1104 y anteriores emplea permisos débiles para el directorio Devices, lo que permite que usuarios locales obtengan privilegios mediante un archivo troyano (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll. Razer Synapse versions 2.20.15.1104 and below suffer from mul... • https://packetstorm.news/files/id/143516 • CWE-732: Incorrect Permission Assignment for Critical Resource •