Lucene search
K

41 matches found

Github Security Blog
Github Security Blog
added 2021/09/14 8:24 p.m.54 views

matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver

Impact A logic error in the room key sharing functionality of matrix-js-sdk before 12.4.1 allows a malicious Matrix homeserver† participating in an encrypted room to steal room encryption keys from affected Matrix clients participating in that room. This allows the homeserver to decrypt end-to-en...

5.9CVSS0.1AI score0.00641EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2021/09/13 7:15 p.m.26 views

CVE-2021-40824

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...

5.9CVSS0.00641EPSS
Exploits0References2
OSV
OSV
added 2021/09/13 7:15 p.m.1 views

DEBIAN-CVE-2021-40823

A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...

5.9CVSS5.8AI score0.00641EPSS
Exploits0References1
OSV
OSV
added 2021/09/13 7:15 p.m.23 views

CVE-2021-40824

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...

5.9CVSS6.5AI score
Exploits0References2
Prion
Prion
added 2021/09/13 7:15 p.m.19 views

Code injection

A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...

4.3CVSS5.5AI score0.00641EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/09/13 7:15 p.m.19 views

Code injection

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...

4.3CVSS5.6AI score0.00641EPSS
Exploits0References2Affected Software2
UbuntuCve
UbuntuCve
added 2021/09/13 7:15 p.m.25 views

CVE-2021-40823

A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...

5.9CVSS6.2AI score0.00641EPSS
Exploits0References5
OSV
OSV
added 2021/09/13 7:15 p.m.3 views

UBUNTU-CVE-2021-40823

A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...

5.9CVSS6.2AI score0.00641EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2021/09/13 6:49 p.m.43 views

CVE-2021-40824

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...

5.9CVSS5.5AI score0.00641EPSS
Exploits0
CVE
CVE
added 2021/09/13 6:45 p.m.110 views

CVE-2021-40823

CVE-2021-40823 affects matrix-js-sdk and related Element client variants. A logic error in the room key sharing functionality prior to version 12.4.1 allows a malicious Matrix homeserver participating in an encrypted room to steal room encryption keys originally sent by affected clients, enabling...

5.9CVSS5.4AI score0.00641EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2021/09/13 6:45 p.m.49 views

CVE-2021-40823

A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...

5.9CVSS5.5AI score0.00641EPSS
Exploits0
Cvelist
Cvelist
added 2021/09/13 6:45 p.m.47 views

CVE-2021-40823

A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...

5.8AI score0.00641EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2021/09/13 6:45 p.m.14 views

CVE-2021-40823

A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...

5.9CVSS5.5AI score0.00641EPSS
Exploits0
CNNVD
CNNVD
added 2021/09/13 12:0 a.m.6 views

Element Android 加密问题漏洞

Element Android is the Android Matrix client provided by Element. A cryptographic issue vulnerability exists in Element Android prior to version 1.2.2 and matrix-android-sdk2 prior to version 1.2.2, which stems from a logic error in the device's room key sharing functionality that results in...

5.9CVSS5.9AI score0.00641EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/09/13 12:0 a.m.4 views

PT-2021-22960 · Cinny +5 · Cinny +7

Name of the Vulnerable Software and Affected Versions: matrix-js-sdk versions prior to 12.4.1 Element Web versions 1.8.2 and earlier Element Desktop versions 1.8.2 and earlier SchildiChat Web versions 1.7.32-sc1 and earlier SchildiChat Desktop versions 1.7.32-sc1 and earlier Cinny versions 1.2.0...

5.9CVSS5.4AI score0.00641EPSS
Exploits0References24
Positive Technologies
Positive Technologies
added 2021/09/13 12:0 a.m.3 views

PT-2021-22961 · Element +2 · Element Android +2

Name of the Vulnerable Software and Affected Versions: Element Android versions prior to 1.2.2 matrix-android-sdk2 aka Matrix SDK for Android versions prior to 1.2.2 Description: A logic error in the room key sharing functionality allows a malicious Matrix homeserver present in an encrypted room ...

5.9CVSS5.5AI score0.00641EPSS
Exploits0References18
CNNVD
CNNVD
added 2021/09/13 12:0 a.m.23 views

Matrix 加密问题漏洞

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A cryptographic issue vulnerability exists in versions of Matrix Javascript SDK prior to 12.4.1, which stems from a logic error in a device's room key sharing functionality that results in insufficient...

5.9CVSS5.9AI score0.00641EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/03/12 12:0 a.m.2 views

GnuTLS 资源管理错误漏洞

GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. A security vulnerability exists in gnutls, which stems from the fact that free after-use of a client-sent key sharing extension may result in memory corruption and other consequences...

9.8CVSS7.1AI score0.03751EPSS
Exploits1References53
myhack58
myhack58
added 2014/11/04 12:0 a.m.21 views

Popular secure chat APP TextSecure presence of“unknown key sharing attack”vulnerability-vulnerability warning-the black bar safety net

! TextSecure is Android platform a encrypted chat APP, this free APP is designed in order to guarantee communication privacy. This APP by Open WhisperSystems developed, the code completelyopen sourcesupport end-to-end SMS encryption. Looks very safe is not? Recently, however, from Germany's Ruhr...

1.3AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

SSH 1.2.x Secure-RPC Weak Encrypted Authentication Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2222/info SSH is a package designed to encrypt traffic between two end points using the IETF specified SSH protocol. The SSH1 package is distributed and maintained by SSH Communications Security. A problem exists which...

7.1AI score
Exploits0
Rows per page
Query Builder