Vulnerabilities > Matrix > Synapse > 0.14.0

DATE CVE VULNERABILITY TITLE RISK
2021-08-31 CVE-2021-39163 Matrix is an ecosystem for open federated Instant Messaging and Voice over IP.
network
high complexity
matrix fedoraproject
3.1
3.1
2021-05-11 CVE-2021-29471 Insufficient Entropy vulnerability in multiple products
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse).
network
low complexity
matrix fedoraproject CWE-331
5.3
5.3
2021-04-12 CVE-2021-21392 Open Redirect vulnerability in multiple products
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse).
network
low complexity
matrix fedoraproject CWE-601
6.3
6.3
2021-03-26 CVE-2021-21333 Cross-site Scripting vulnerability in multiple products
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse).
network
high complexity
matrix fedoraproject CWE-79
6.1
6.1
2021-03-26 CVE-2021-21332 Cross-site Scripting vulnerability in multiple products
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse).
network
low complexity
matrix fedoraproject CWE-79
8.2
8.2
2021-02-26 CVE-2021-21273 Open Redirect vulnerability in multiple products
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse).
network
low complexity
matrix fedoraproject CWE-601
6.1
6.1
2020-12-09 CVE-2020-26257 Resource Exhaustion vulnerability in multiple products
Matrix is an ecosystem for open federated Instant Messaging and VoIP.
network
low complexity
matrix fedoraproject CWE-400
6.5
6.5
2020-11-24 CVE-2020-26890 Improper Input Validation vulnerability in multiple products
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients.
network
low complexity
matrix fedoraproject CWE-20
7.5
7.5
2020-10-19 CVE-2020-26891 Cross-site Scripting vulnerability in Matrix Synapse
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter.
network
low complexity
matrix CWE-79
6.1
6.1
2019-11-08 CVE-2019-18835 Insufficient Verification of Data Authenticity vulnerability in Matrix Synapse
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs.
network
low complexity
matrix CWE-345
critical
 9.8
9.8