Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12423 | 1 Matrix | 1 Synapse | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force. | |||||
| CVE-2018-12291 | 1 Matrix | 1 Synapse | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly. | |||||
| CVE-2019-11842 | 1 Matrix | 2 Sydent, Synapse | 2019-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID. | |||||
| CVE-2018-10657 | 1 Matrix | 1 Synapse | 2018-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018. | |||||