Lucene search
K

3625 matches found

OSV
OSV
added 2022/09/28 8:55 p.m.27 views

CVE-2022-39257 Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...

7.5CVSS7.2AI score0.0072EPSS
Exploits0References6
CVE
CVE
added 2022/09/28 8:35 p.m.84 views

CVE-2022-39255

Summary (CVE-2022-39255): The Matrix iOS SDK (prior to 0.23.19) is vulnerable to protocol confusion between Megolm and Olm for to-device messages. An attacker collaborating with a malicious homeserver can craft messages that appear to come from another user, enabling impersonation and targeted at...

8.6CVSS7.5AI score0.0072EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/28 8:35 p.m.8 views

CVE-2022-39255 Matrix iOS SDK vulnerable ton Olm/Megolm protocol confusion

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS8.3AI score0.0072EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/09/28 8:35 p.m.39 views

CVE-2022-39255 Matrix iOS SDK vulnerable ton Olm/Megolm protocol confusion

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS8.5AI score0.0072EPSS
Exploits0References4
OSV
OSV
added 2022/09/28 8:35 p.m.23 views

CVE-2022-39255 Matrix iOS SDK vulnerable ton Olm/Megolm protocol confusion

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS7.7AI score0.0072EPSS
Exploits0References6
NVD
NVD
added 2022/09/28 8:15 p.m.19 views

CVE-2022-39249

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

7.5CVSS0.00938EPSS
Exploits0References6
NVD
NVD
added 2022/09/28 8:15 p.m.9 views

CVE-2022-39251

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS0.00865EPSS
Exploits0References5
OSV
OSV
added 2022/09/28 8:15 p.m.1 views

DEBIAN-CVE-2022-39251

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

7.5CVSS7.5AI score0.00865EPSS
Exploits0References1
OSV
OSV
added 2022/09/28 8:15 p.m.0 views

DEBIAN-CVE-2022-39249

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

7.5CVSS6.7AI score0.00938EPSS
Exploits0References1
NVD
NVD
added 2022/09/28 8:15 p.m.33 views

CVE-2022-39248

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

8.6CVSS0.0072EPSS
Exploits0References4
NVD
NVD
added 2022/09/28 8:15 p.m.26 views

CVE-2022-39246

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others...

7.5CVSS0.00626EPSS
Exploits0References4
OSV
OSV
added 2022/09/28 8:15 p.m.2 views

UBUNTU-CVE-2022-39249

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

7.5CVSS7AI score0.00938EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2022/09/28 8:15 p.m.45 views

CVE-2022-39249

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

7.5CVSS7AI score0.00938EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2022/09/28 8:15 p.m.31 views

CVE-2022-39251

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS7.1AI score0.00865EPSS
Exploits0References6
Prion
Prion
added 2022/09/28 8:15 p.m.14 views

Type confusion

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

5CVSS7.9AI score0.00865EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2022/09/28 8:15 p.m.19 views

Design/Logic Flaw

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

5CVSS7.8AI score0.00938EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/09/28 8:15 p.m.2 views

UBUNTU-CVE-2022-39251

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS7AI score0.00865EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2022/09/28 8:5 p.m.6 views

CVE-2022-39248 matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

8.6CVSS8.6AI score0.0072EPSS
Exploits0References4
CVE
CVE
added 2022/09/28 8:5 p.m.89 views

CVE-2022-39248

Summary (Mode C): CVE-2022-39248 affects matrix-android-sdk2 prior to 1.5.1. A protocol confusion vulnerability permits an attacker cooperating with a malicious homeserver to craft to-device messages that appear to originate from another user, bypassing indicators like a grey shield. In a targete...

8.6CVSS7.7AI score0.0072EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/09/28 8:5 p.m.51 views

CVE-2022-39248 matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

8.6CVSS8.8AI score0.0072EPSS
Exploits0References4
Rows per page
Query Builder