3626 matches found
CVE-2022-39248 matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion
matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...
CVE-2022-39246 matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions
matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others...
CVE-2022-39246
matrix-android-sdk2 (Android Matrix SDK) before version 1.5.1 is vulnerable: an attacker collaborating with a malicious homeserver can craft messages that appear from another user due to an overly permissive key-forwarding policy. Starting with 1.5.1, the default key-forwarding policy is stricter...
DEBIAN-CVE-2022-39236
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
CVE-2022-39236
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
CVE-2022-39236
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
Design/Logic Flaw
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
UBUNTU-CVE-2022-39236
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
CVE-2022-39251 Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...
PT-2022-24849 · Unknown · Matrix Ios Sdk
Name of the Vulnerable Software and Affected Versions: Matrix iOS SDK versions prior to 0.23.19 Description: The issue allows an attacker, in cooperation with a malicious homeserver, to construct messages that appear to come from another person. These messages may be marked with a grey shield on...
PT-2022-24840 · Unknown · Matrix-Android-Sdk
Name of the Vulnerable Software and Affected Versions: matrix-android-sdk2 versions prior to 1.5.1 Description: An attacker cooperating with a malicious homeserver can construct messages that appear to have come from another person without any indication. This vulnerability can be used to perform...
CVE-2022-39236 Matrix Javascript SDK improper beacon events can cause availability issues
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
Matrix 授权问题漏洞
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability exists in the Matrix Javascript SDK prior to version 19.7.0, which stems from a lack of required checks in matrix-js-sdk...
PT-2022-24847 · Unknown · Matrix Ios Sdk
Name of the Vulnerable Software and Affected Versions: matrix-ios-sdk versions prior to 0.23.19 Description: The issue allows an attacker cooperating with a malicious homeserver to construct messages that appear to have come from another person without indication. A sophisticated attacker could...
CVE-2022-39251 Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...
Matrix 授权问题漏洞
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability exists in the Matrix iOS SDK prior to version 0.23.19, which stems from matrix-ios-sdk implementing an overly lax key forwarding policy...
Matrix 安全漏洞
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability in Matrix matrix-android-sdk2 versions prior to 1.5.1 stems from a problem with its protocol obfuscation leading to an attacker working with a malicious master server being able to constru...
Matrix 授权问题漏洞
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability exists in the Matrix Javascript SDK prior to version 19.7.0, which stems from matrix-js-sdk implementing an overly lax key forwarding policy on the receiving end...
PT-2022-24839 · Unknown · Matrix-Android-Sdk2
Name of the Vulnerable Software and Affected Versions: matrix-android-sdk2 versions prior to 1.5.1 Description: An attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms,...
Matrix 输入验证错误漏洞
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. Matrix Javascript SDK 17.1.0-rc.1 and later has an input validation error vulnerability that stems from the fact that its incorrectly formatted beacon event from MSC3488 could corrupt or prevent the matrix-js-sdk...