Vulnerabilities > Matrix > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-04-12 CVE-2021-21392 Open Redirect vulnerability in multiple products
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse).
network
low complexity
matrix fedoraproject CWE-601
6.3
2021-04-12 CVE-2021-21394 Improper Input Validation vulnerability in multiple products
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse).
network
low complexity
matrix fedoraproject CWE-20
6.5
2021-03-26 CVE-2021-21333 Cross-site Scripting vulnerability in multiple products
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse).
network
high complexity
matrix fedoraproject CWE-79
6.1
2021-02-26 CVE-2021-21274 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse).
network
low complexity
matrix fedoraproject CWE-770
6.5
2021-02-26 CVE-2021-21273 Open Redirect vulnerability in multiple products
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse).
network
low complexity
matrix fedoraproject CWE-601
6.1
2020-12-09 CVE-2020-26257 Resource Exhaustion vulnerability in multiple products
Matrix is an ecosystem for open federated Instant Messaging and VoIP.
network
low complexity
matrix fedoraproject CWE-400
6.5
2020-10-19 CVE-2020-26891 Cross-site Scripting vulnerability in Matrix Synapse
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter.
network
low complexity
matrix CWE-79
6.1
2019-04-19 CVE-2019-11340 Improper Input Validation vulnerability in Matrix Sydent 1.0.0/1.0.1
util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled.
network
high complexity
matrix CWE-20
5.9