Vulnerabilities in matrix-org
80 results

CVE | Severity | Title | EPSS
CVE-2020-26257 | MEDIUM | Denial of service attack via incorrect parameters to federation APIs | 2.4%
CVE-2021-21274 | MEDIUM | Denial of service attack via .well-known lookups | 2.2%
CVE-2021-29430 | HIGH | Denial of service attack via memory exhaustion | 1.8%
CVE-2021-21273 | LOW | Open redirects on some federation and push requests | 1.8%
CVE-2021-29471 | LOW | Denial of service in Matrix Synapse | 1.6%
CVE-2021-21393 | MEDIUM | Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints | 1.6%
CVE-2021-21394 | MEDIUM | Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints | 1.5%
CVE-2021-41281 | HIGH | Path traversal in Matrix Synapse | 1.5%
CVE-2021-39164 | LOW | Improper authorisation of /members discloses room membership to non-members | 1.4%
CVE-2021-21333 | MEDIUM | HTML injection in email and account expiry notifications | 1.4%
CVE-2022-31052 | MEDIUM | URL previews can crash Synapse media repositories or Synapse monoliths | 1.4%
CVE-2021-21332 | MEDIUM | Cross-site scripting (XSS) vulnerability in the password reset endpoint | 1.2%
CVE-2021-29431 | HIGH | SSRF in Sydent due to missing validation of hostnames | 1.2%
CVE-2023-28427 | HIGH | Prototype pollution in matrix-js-sdk | 1.2%
CVE-2023-45129 | MEDIUM | matrix-synapse vulnerable to denial of service due to malicious server ACL events | 1.2%
CVE-2022-39236 | MEDIUM | Matrix Javascript SDK improper beacon events can cause availability issues | 1.0%
CVE-2023-32323 | MEDIUM | Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites | 1.0%
CVE-2022-39374 | MEDIUM | Synapse Denial of service due to incorrect application of event authorization rules during state resolution | 0.9%
CVE-2022-39249 | HIGH | Matrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions | 0.9%
CVE-2021-32659 | MEDIUM | Automatic room upgrade handling can be used maliciously to bridge a room non-consensually | 0.9%