
3625 matches found

AlpineLinux
added 2022/09/28 12:0 a.m., 42 views

CVE-2022-39251

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

CVSS 8.6, AI score 8.2, EPSS 0.00865
Exploits: 0

AlpineLinux
added 2022/09/28 12:0 a.m., 46 views

CVE-2022-39264

nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable to homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...

CVSS 8.6, AI score 6, EPSS 0.00624
Exploits: 0

CNNVD
added 2022/09/28 12:0 a.m., 4 views

Matrix input validation error vulnerability

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. Matrix Javascript SDK 17.1.0-rc.1 and later has an input validation error vulnerability that stems from the fact that its incorrectly formatted beacon event from MSC3488 could corrupt or prevent the matrix-js-sdk...

CVSS 5.3, AI score 7, EPSS 0.00992
Exploits: 0, References: 11

Vulnrichment
added 2022/09/28 12:0 a.m., 3 views

CVE-2022-39249 Matrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

CVSS 7.5, AI score 7.4, EPSS 0.00938
Exploits: 0, References: 6

Cvelist
added 2022/09/28 12:0 a.m., 24 views

CVE-2022-39236 Matrix Javascript SDK improper beacon events can cause availability issues

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...

CVSS 4.3, AI score 6.9, EPSS 0.00992
Exploits: 0, References: 5

CVE
added 2022/09/28 12:0 a.m., 81 views

CVE-2022-39264

CVE-2022-39264 affects the nheko desktop client for Matrix; all releases prior to 0.10.2 are vulnerable because homeservers can insert malicious secrets, enabling potential man‑in‑the‑middle attacks. The recommended fix is upgrading to v0.10.2. Workarounds mentioned include applying patches manua...

CVSS 8.6, AI score 6.2, EPSS 0.00624
Exploits: 0, References: 5, Affected Software: 1

Mozilla
added 2022/09/28 12:0 a.m., 264 views

Security Vulnerabilities fixed in Thunderbird 102.3.1 — Mozilla

Thunderbird users who use the Matrix chat protocol were vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that server. Thunderbird users who use the Matrix chat protocol were vulnerable to an...

CVSS 8.6, AI score 3.3, EPSS 0.00992
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2022/09/28 12:0 a.m., 19 views

CVE-2022-39251 Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

CVSS 8.6, AI score 8.2, EPSS 0.00865
Exploits: 0, References: 5

CNNVD
added 2022/09/28 12:0 a.m., 5 views

Matrix security vulnerability

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability exists in versions of Matrix matrix-android-sdk2 prior to 1.5.1, which stems from the fact that its matrix-android-sdk2 implements an overly lax key-forwarding policy on the receiving end...

CVSS 7.5, AI score 6.5, EPSS 0.00626
Exploits: 0, References: 5

CVE
added 2022/09/28 12:0 a.m., 135 views

CVE-2022-39249

CVE-2022-39249 affects the Matrix Javascript SDK (matrix-js-sdk) prior to 19.7.0. A malicious homeserver can coordinate to craft messages that appear from another user due to a permissive key-forwarding policy. Starting with 19.7.0, the default policy was tightened to only accept forwarded keys i...

CVSS 7.5, AI score 7.9, EPSS 0.00938
Exploits: 0, References: 6, Affected Software: 1

CVE
added 2022/09/28 12:0 a.m., 137 views

CVE-2022-39251

The CVE-2022-39251 vulnerability affects the Matrix Javascript SDK (matrix-js-sdk) prior to version 19.7.0. It stems from a protocol confusion bug that allowed to‑device messages encrypted with Megolm to be accepted as Olm, enabling an attacker coordinating with a malicious homeserver to craft me...

CVSS 8.6, AI score 8, EPSS 0.00865
Exploits: 0, References: 5, Affected Software: 1

CNNVD
added 2022/09/28 12:0 a.m., 6 views

Matrix authorization issue vulnerability

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability exists in the Matrix iOS SDK prior to version 0.23.19, which stems from a lack of required checks in matrix-ios-sdk...

CVSS 8.6, AI score 7.5, EPSS 0.0072
Exploits: 0, References: 5

CVE
added 2022/09/28 12:0 a.m., 129 views

CVE-2022-39236

CVE-2022-39236 affects the Matrix JavaScript SDK (matrix-js-sdk). Starting with version 17.1.0-rc.1, improperly formed beacon events (MSC3488) can disrupt or impede the matrix-js-sdk’s operation, potentially preventing safe data processing. The SDK may appear functional while excluding or corrupt...

CVSS 5.3, AI score 6.2, EPSS 0.00992
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2022/09/28 12:0 a.m., 19 views

CVE-2022-39251 Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

CVSS 8.6, AI score 8.3, EPSS 0.00865
Exploits: 0, References: 7

OSV
added 2022/09/28 12:0 a.m., 26 views

CVE-2022-39249 Matrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

CVSS 7.5, AI score 8.3, EPSS 0.00938
Exploits: 0, References: 8

Debian CVE
added 2022/09/28 12:0 a.m., 31 views

CVE-2022-39264

nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable to homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...

CVSS 8.6, AI score 6.9, EPSS 0.00624
Exploits: 0

Debian CVE
added 2022/09/28 12:0 a.m., 27 views

CVE-2022-39236

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...

CVSS 5.3, AI score 6.7, EPSS 0.00992
Exploits: 0

Debian CVE
added 2022/09/28 12:0 a.m., 22 views

CVE-2022-39251

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

CVSS 8.6, AI score 8.2, EPSS 0.00865
Exploits: 0

Debian CVE
added 2022/09/28 12:0 a.m., 36 views

CVE-2022-39249

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

CVSS 7.5, AI score 8.1, EPSS 0.00938
Exploits: 0

Tenable Nessus
added 2022/09/28 12:0 a.m., 35 views

Oracle Linux 8 : thunderbird (ELSA-2022-6708)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-6708 advisory. 102.3.0-3.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.3.0-3 - Update to 102.3.0 build1 Tenable has...

CVSS 8.8, AI score 7.4, EPSS 0.01342
Exploits: 0, References: 11