791 matches found
CVE-2021-40824
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...
CVE-2021-40823
A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...
DEBIAN-CVE-2021-40823
A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...
CVE-2021-40824
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...
Code injection
A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...
CVE-2021-40823
A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...
Code injection
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...
CVE-2021-40824
The CVE-2021-40824 issue affects Element Android prior to 1.2.2 and matrix-android-sdk2 (Matrix SDK for Android). A logic error in the room key sharing functionality allows a malicious Matrix homeserver in an encrypted room to steal room encryption keys via crafted Matrix protocol messages, enabl...
CVE-2021-40824
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...
CVE-2021-40824
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...
CVE-2021-40823
A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...
CVE-2021-40823
A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...
CVE-2021-40823
A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...
PT-2021-22961 · Element +2 · Element Android +2
Name of the Vulnerable Software and Affected Versions: Element Android versions prior to 1.2.2 matrix-android-sdk2 aka Matrix SDK for Android versions prior to 1.2.2 Description: A logic error in the room key sharing functionality allows a malicious Matrix homeserver present in an encrypted room ...
PT-2021-22960 · Cinny +5 · Cinny +7
Name of the Vulnerable Software and Affected Versions: matrix-js-sdk versions prior to 12.4.1 Element Web versions 1.8.2 and earlier Element Desktop versions 1.8.2 and earlier SchildiChat Web versions 1.7.32-sc1 and earlier SchildiChat Desktop versions 1.7.32-sc1 and earlier Cinny versions 1.2.0...
WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud
WhatsApp on Friday announced it will roll out support for end-to-end encrypted chat backups on the cloud for Android and iOS users, paving the way for storing information such as chat messages and photos in Apple iCloud or Google Drive in a cryptographically secure manner. The optional feature,...
The vulnerability of the Telerik.Web.UI.dll library of the Telerik UI software for ASP.NET AJAX and the Sitefinity web content management system allows a attacker to exploit the encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or MachineKey).
The vulnerability of the Telerik.Web.UI.dll library of the Telerik UI software for ASP.NET AJAX and the Sitefinity web content management system is related to insufficient protection of registration data. Exploiting this vulnerability can allow an attacker to disclose encryption keys...
OTRS 信息泄露漏洞
OTRS is a service management software application from OTRS Germany. OTRS suffers from an information disclosure vulnerability that arises from the software generating support packages that contain private S/MIME and PGP keys if the contained folder is not hidden. No details of the vulnerability...
Matrix clients -- several vulnerabilities
Matrix developers report: Today we are disclosing a critical security issue affecting multiple Matrix clients and libraries including Element Web/Desktop/Android, FluffyChat, Nheko, Cinny, and SchildiChat. Specifically, in certain circumstances it may be possible to trick vulnerable clients into...
REW-sploit - Emulate And Dissect MSF And *Other* Attacks
REW-sploit The tool has been presented at Black-Hat Arsenal USA 2021 https://www.blackhat.com/us-21/arsenal/schedule/index.htmlrew-sploit-dissecting-metasploit-attacks-24086 Slides of presentation are available at https://github.com/REW-sploit/REW-sploitdocs Need help in analyzing Windows shellco...