170 matches found
UBUNTU-CVE-2022-39236
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
CVE-2022-39249 Matrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...
CVE-2022-39236
CVE-2022-39236 affects the Matrix JavaScript SDK (matrix-js-sdk). Starting with version 17.1.0-rc.1, improperly formed beacon events (MSC3488) can disrupt or impede the matrix-js-sdk’s operation, potentially preventing safe data processing. The SDK may appear functional while excluding or corrupt...
CVE-2022-39251 Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...
CVE-2022-39236 Matrix Javascript SDK improper beacon events can cause availability issues
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
CVE-2022-39249 Matrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...
CVE-2022-39251
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...
CVE-2022-39236
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
CVE-2022-39251 Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...
CVE-2022-39236
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
CVE-2022-39236 Matrix Javascript SDK improper beacon events can cause availability issues
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
CVE-2022-39251
The CVE-2022-39251 vulnerability affects the Matrix Javascript SDK (matrix-js-sdk) prior to version 19.7.0. It stems from a protocol confusion bug that allowed to‑device messages encrypted with Megolm to be accepted as Olm, enabling an attacker coordinating with a malicious homeserver to craft me...
CVE-2022-39249
CVE-2022-39249 affects the Matrix Javascript SDK (matrix-js-sdk) prior to 19.7.0. A malicious homeserver can coordinate to craft messages that appear from another user due to a permissive key-forwarding policy. Starting with 19.7.0, the default policy was tightened to only accept forwarded keys i...
FreeBSD : Matrix clients -- several vulnerabilities (cb902a77-3f43-11ed-9402-901b0e9408dc)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the cb902a77-3f43-11ed-9402-901b0e9408dc advisory. - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7....
CVE-2022-39251 Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...
CVE-2022-39236 Matrix Javascript SDK improper beacon events can cause availability issues
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
CVE-2022-39249 Matrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...
CVE-2022-39249
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...
CVE-2022-39218 Random number seed fixed during compilation
The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...
CVE-2022-39218 Random number seed fixed during compilation
The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...