Lucene search
K

3626 matches found

OSV
OSV
added 2022/09/28 8:5 p.m.28 views

CVE-2022-39248 matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

8.6CVSS7.8AI score0.0072EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2022/09/28 8:0 p.m.6 views

CVE-2022-39246 matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others...

7.5CVSS7.4AI score0.00626EPSS
Exploits0References4
CVE
CVE
added 2022/09/28 8:0 p.m.85 views

CVE-2022-39246

matrix-android-sdk2 (Android Matrix SDK) before version 1.5.1 is vulnerable: an attacker collaborating with a malicious homeserver can craft messages that appear from another user due to an overly permissive key-forwarding policy. Starting with 1.5.1, the default key-forwarding policy is stricter...

7.5CVSS5.5AI score0.00626EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/09/28 5:15 p.m.1 views

DEBIAN-CVE-2022-39236

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...

5.3CVSS5.6AI score0.00992EPSS
Exploits0References1
NVD
NVD
added 2022/09/28 5:15 p.m.12 views

CVE-2022-39236

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...

5.3CVSS0.00992EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2022/09/28 5:15 p.m.29 views

CVE-2022-39236

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...

5.3CVSS6.3AI score0.00992EPSS
Exploits0References6
Prion
Prion
added 2022/09/28 5:15 p.m.20 views

Design/Logic Flaw

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...

5CVSS6.5AI score0.00992EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/09/28 5:15 p.m.1 views

UBUNTU-CVE-2022-39236

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...

5.3CVSS7AI score0.00992EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2022/09/28 12:0 a.m.5 views

CVE-2022-39251 Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS8.5AI score0.00865EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/09/28 12:0 a.m.4 views

PT-2022-24849 · Unknown · Matrix Ios Sdk

Name of the Vulnerable Software and Affected Versions: Matrix iOS SDK versions prior to 0.23.19 Description: The issue allows an attacker, in cooperation with a malicious homeserver, to construct messages that appear to come from another person. These messages may be marked with a grey shield on...

7.5CVSS7.2AI score0.0072EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/09/28 12:0 a.m.3 views

PT-2022-24840 · Unknown · Matrix-Android-Sdk

Name of the Vulnerable Software and Affected Versions: matrix-android-sdk2 versions prior to 1.5.1 Description: An attacker cooperating with a malicious homeserver can construct messages that appear to have come from another person without any indication. This vulnerability can be used to perform...

8.6CVSS7.5AI score0.0072EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2022/09/28 12:0 a.m.4 views

CVE-2022-39236 Matrix Javascript SDK improper beacon events can cause availability issues

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...

4.3CVSS5.2AI score0.00992EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.3 views

Matrix 授权问题漏洞

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability exists in the Matrix Javascript SDK prior to version 19.7.0, which stems from a lack of required checks in matrix-js-sdk...

8.6CVSS7.9AI score0.00865EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2022/09/28 12:0 a.m.5 views

PT-2022-24847 · Unknown · Matrix Ios Sdk

Name of the Vulnerable Software and Affected Versions: matrix-ios-sdk versions prior to 0.23.19 Description: The issue allows an attacker cooperating with a malicious homeserver to construct messages that appear to have come from another person without indication. A sophisticated attacker could...

8.6CVSS7.7AI score0.0072EPSS
Exploits0References8
OSV
OSV
added 2022/09/28 12:0 a.m.19 views

CVE-2022-39251 Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS8.3AI score0.00865EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.4 views

Matrix 授权问题漏洞

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability exists in the Matrix iOS SDK prior to version 0.23.19, which stems from matrix-ios-sdk implementing an overly lax key forwarding policy...

7.5CVSS7.2AI score0.0072EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.4 views

Matrix 安全漏洞

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability in Matrix matrix-android-sdk2 versions prior to 1.5.1 stems from a problem with its protocol obfuscation leading to an attacker working with a malicious master server being able to constru...

8.6CVSS7.5AI score0.0072EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.3 views

Matrix 授权问题漏洞

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability exists in the Matrix Javascript SDK prior to version 19.7.0, which stems from matrix-js-sdk implementing an overly lax key forwarding policy on the receiving end...

7.5CVSS7.9AI score0.00938EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2022/09/28 12:0 a.m.4 views

PT-2022-24839 · Unknown · Matrix-Android-Sdk2

Name of the Vulnerable Software and Affected Versions: matrix-android-sdk2 versions prior to 1.5.1 Description: An attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms,...

7.5CVSS5.8AI score0.00626EPSS
Exploits0References10
CNNVD
CNNVD
added 2022/09/28 12:0 a.m.4 views

Matrix 输入验证错误漏洞

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. Matrix Javascript SDK 17.1.0-rc.1 and later has an input validation error vulnerability that stems from the fact that its incorrectly formatted beacon event from MSC3488 could corrupt or prevent the matrix-js-sdk...

5.3CVSS7AI score0.00992EPSS
Exploits0References11
Rows per page
Query Builder