Matrix Synapse APIs prone to attack

Overview :
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs.
Affected Product(s) :
  • Matrix Synapse before 1.5.0
Vulnerability Details :
CVE ID : CVE-2019-18835
  Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.

Solution :

Update to Matrix Synapse 1.5.0

 

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-22373 : IBM INFOSPHERE INFORMATION SERVER 11.7 ACCESS CONTROL

CVE-2022-22373 : IBM INFOSPHERE INFORMATION SERVER 11.7 ACCESS CONTROL

Description An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead

CVE-2022-34835 : DAS U-BOOT UP TO 2022.07-RC5 I2C MD COMMAND DO_I2C_MD STACK-BASED OVERFLOW

CVE-2022-34835 : DAS U-BOOT UP TO 2022.07-RC5 I2C MD COMMAND DO_I2C_MD STACK-BASED OVERFLOW

Description In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the “i2c md” command