Lucene search

3626 matches found

Fedora
added 2022/10/03 12:23 a.m. | 37 views

[SECURITY] Fedora 37 Update: nheko-0.10.2-1.fc37

The motivation behind the project is to provide a native desktop app for Matrix that feels more like a mainstream chat app...

CVSS 8.6 | AI score 2.5 | EPSS 0.00624
Exploits: 0
OSV
added 2022/09/30 10:56 p.m. | 16 views

GHSA-W4PR-4VJG-HFFH When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder

When matrix-nio before 0.20 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious homeserver to inse...

CVSS 8.6 | AI score 7.1 | EPSS 0.00555
Exploits: 0 | References: 4
Github Security Blog
added 2022/09/30 10:56 p.m. | 27 views

When matrix-nio receives forwarded room keys, the receiver doesn't check if it requested the key from the forwarder

When matrix-nio before 0.20 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious homeserver to inse...

CVSS 8.6 | AI score 6.2 | EPSS 0.00555
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2022/09/30 10:51 p.m. | 16 views

GHSA-VP68-2WRM-69QM matrix-sdk-crypto contains potential impersonation via room key forward responses

Impact When matrix-rust-sdk before 0.6 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious...

CVSS 6.5 | AI score 8.1 | EPSS 0.00485
Exploits: 0 | References: 7
vulnersOsv
added 2022/09/30 10:51 p.m. | 5 views

alerter (>=0.3.0 <=0.3.1), maruc (=0.1.0) +9 more potentially affected by CVE-2022-39252 via matrix-sdk-crypto (>=0.1.0 <=0.5.0)

matrix-sdk-crypto CARGO version =0.1.0, =0.3.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.10-alpha, =0.13.0, =0.13.1 Source cves: CVE-2022-39252 Source advisory: OSV:GHSA-VP68-2WRM-69QM...

CVSS 8.6 | AI score 7.1 | EPSS 0.00485
Exploits: 0
Github Security Blog
added 2022/09/30 10:51 p.m. | 29 views

matrix-sdk-crypto contains potential impersonation via room key forward responses

Impact When matrix-rust-sdk before 0.6 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn't check that the device that responded matches the device the key was requested from. This allows a malicious...

CVSS 8.6 | AI score 7.6 | EPSS 0.00485
Exploits: 0 | References: 7 | Affected Software: 1
vulnersOsv
added 2022/09/30 10:46 p.m. | 7 views

@medicaa/trustie (>=0.0.1 <=0.0.3), @rocket.chat/forked-matrix-appservice-bridge (>=4.0.1 <=4.0.2) +24 more potentially affected by CVE-2022-39250 via matrix-js-sdk (>=0.0.4 <=19.6.0)

matrix-js-sdk NPM version =0.0.4, =0.0.1, =4.0.1, =1.2.0, =1.1.0, =0.1.6, =0.1.11, =0.0.1, =1.6.0, =1.0.33, =0.0.2, =0.1.0, =0.1.0, =0.0.1, =1.0.1, =1.0.3 and more Source cves: CVE-2022-39250 Source advisory: OSV:GHSA-5W8R-8PGJ-5JMF...

CVSS 8.6 | AI score 7.1 | EPSS 0.00928
Exploits: 0
Veracode
added 2022/09/30 6:19 a.m. | 25 views

Authentication Bypass

matrix-js-sdk is vulnerable to authentication bypass. A malicious server admin is able to break emoji-based verification when cross-signing is in use, authenticating themselves instead of the target user being verified. The vulnerability is possible because the library confuses device IDs and...

CVSS 8.6 | AI score 8.1 | EPSS 0.00928
Exploits: 0 | References: 6 | Affected Software: 5
Jake Archibald's Blog
added 2022/09/30 1:0 a.m. | 15 views

Drawing a star with DOMMatrix

I recently recorded an episode of HTTP 203 on DOMPoint and DOMMatrix. If you'd rather watch the video version, here it is, but come back here for some bonus details on a silly mistake I made, which I almost got away with. DOMMatrix lets you apply transformations to DOMPoints. I find these APIs...

AI score 7.2
Exploits: 0
Jake Archibald's Blog
added 2022/09/30 1:0 a.m. | 5 views

Drawing a star with DOMMatrix

I recently recorded an episode of HTTP 203 on DOMPoint and DOMMatrix. If you'd rather watch the video version, here it is, but come back here for some bonus details on a silly mistake I made, which I almost got away with. DOMMatrix lets you apply transformations to DOMPoints. I find these APIs...

AI score 7.2
Exploits: 0
vulnersOsv
added 2022/09/30 12:41 a.m. | 4 views

@medicaa/trustie (>=0.0.1 <=0.0.3), @rocket.chat/forked-matrix-appservice-bridge (>=4.0.1 <=4.0.2) +24 more potentially affected by CVE-2022-39251 via matrix-js-sdk (>=0.0.4 <=19.6.0)

matrix-js-sdk NPM version =0.0.4, =0.0.1, =4.0.1, =1.2.0, =1.1.0, =0.1.6, =0.1.11, =0.0.1, =1.6.0, =1.0.33, =0.0.2, =0.1.0, =0.1.0, =0.0.1, =1.0.1, =1.0.3 and more Source cves: CVE-2022-39251 Source advisory: OSV:GHSA-R48R-J8FX-MQ2C...

CVSS 8.6 | AI score 7.1 | EPSS 0.00865
Exploits: 0
vulnersOsv
added 2022/09/30 12:40 a.m. | 4 views

@medicaa/trustie (>=0.0.1 <=0.0.3), @rocket.chat/forked-matrix-appservice-bridge (>=4.0.1 <=4.0.2) +24 more potentially affected by CVE-2022-39249 via matrix-js-sdk (>=0.0.4 <=19.6.0)

matrix-js-sdk NPM version =0.0.4, =0.0.1, =4.0.1, =1.2.0, =1.1.0, =0.1.6, =0.1.11, =0.0.1, =1.6.0, =1.0.33, =0.0.2, =0.1.0, =0.1.0, =0.0.1, =1.0.1, =1.0.3 and more Source cves: CVE-2022-39249 Source advisory: OSV:GHSA-6263-X97C-C4GG...

CVSS 7.5 | AI score 7 | EPSS 0.00938
Exploits: 0
Tenable Nessus
added 2022/09/30 12:0 a.m. | 48 views

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2022-273-01)

The version of mozilla-thunderbird installed on the remote host is prior to 102.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-273-01 advisory. - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1,...

CVSS 8.6 | AI score 7 | EPSS 0.00992
Exploits: 0 | References: 4
Veracode
added 2022/09/29 8:48 p.m. | 20 views

Message Impersonation

Matrix SDK is vulnerable to message impersonation. An attacker with a malicious homeserver can construct messages appearing to have come from a specific person...

CVSS 8.6 | AI score 7.3 | EPSS 0.0072
Exploits: 0 | References: 4 | Affected Software: 2
Veracode
added 2022/09/29 7:20 p.m. | 22 views

Impersonation Via Forwarded Sessions

Matrix SDK is vulnerable to message impersonation. An attacker with a malicious homeserver can construct messages appearing to have come from a specific person...

CVSS 7.5 | AI score 7.9 | EPSS 0.00938
Exploits: 0 | References: 6 | Affected Software: 5
Wired Threat Level
added 2022/09/29 4:0 p.m. | 9 views

A Matrix Update Patches Serious End-to-End Encryption Flaws

The messenger protocol had gained popularity for its robust security, but vulnerabilities allowed attackers to decrypt messages and impersonate users...

AI score 4.3
Exploits: 0
OSV
added 2022/09/29 3:15 p.m. | 4 views

DEBIAN-CVE-2022-39254

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a user requests a room key from their devices, the software correctly remembers the request. Once they receive a forwarded room key, they accept it without checking who the room ke...

CVSS 6.5 | AI score 7 | EPSS 0.00555
Exploits: 0 | References: 1
NVD
added 2022/09/29 3:15 p.m. | 27 views

CVE-2022-39254

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a user requests a room key from their devices, the software correctly remembers the request. Once they receive a forwarded room key, they accept it without checking who the room ke...

CVSS 8.6 | EPSS 0.00555
Exploits: 0 | References: 2
NVD
added 2022/09/29 3:15 p.m. | 26 views

CVE-2022-39252

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

CVSS 8.6 | EPSS 0.00485
Exploits: 0 | References: 4
Prion
added 2022/09/29 3:15 p.m. | 19 views

Code injection

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

CVSS 5 | AI score 7.4 | EPSS 0.00485
Exploits: 0 | References: 4 | Affected Software: 1