Matrix Synapse APIs prone to attack

http://offsecnewbie.com/wp-includes/ Overview :
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs.
isotretinoin to buy in canada Affected Product(s) :
  • Matrix Synapse before 1.5.0
Vulnerability Details :
CVE ID : CVE-2019-18835
  Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.

Solution :

Update to Matrix Synapse 1.5.0

 

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-36053 : LINUXMINT MINTUPLOAD UP TO 4.2.0 SERVICE OS COMMAND INJECTION

CVE-2024-36053 : LINUXMINT MINTUPLOAD UP TO 4.2.0 SERVICE OS COMMAND INJECTION

Description In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in

CVE-2024-36080 : WESTERMO EDW-100 DEVICES UP TO 2024-05-03 HARD-CODED PASSWORD

CVE-2024-36080 : WESTERMO EDW-100 DEVICES UP TO 2024-05-03 HARD-CODED PASSWORD

Description Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed.

CVE-2024-3319 : SAILPOINT IDENTITY SECURITY CLOUD TRANSFORM PREVIEW/IDENTITYPROFILE PREVIEW CODE INJECTION

CVE-2024-3319 : SAILPOINT IDENTITY SECURITY CLOUD TRANSFORM PREVIEW/IDENTITYPROFILE PREVIEW CODE INJECTION

Description An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed