71 matches found
CVE-2024-47779 Element Web vulnerable to potential exposure of access token via authenticated media
Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally,...
CVE-2024-47779 Element Web vulnerable to potential exposure of access token via authenticated media
Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally,...
PT-2024-32811 · Element · Element Web
Name of the Vulnerable Software and Affected Versions: Element Web versions 1.11.70 through 1.11.80 Description: The issue is related to the exposure of access tokens to third parties under specially crafted conditions. At least one vector has been identified, involving malicious widgets, but oth...
element-web -- Potential exposure of access token via authenticated media
Element team reports: Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors...
OPENSUSE-SU-2024:14289-1 element-web-1.11.75-1.1 on GA media
These are all security issues fixed in the element-web-1.11.75-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:14242-1 element-web-1.11.73-1.1 on GA media
These are all security issues fixed in the element-web-1.11.73-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12884-1 element-web-1.11.30-1.1 on GA media
These are all security issues fixed in the element-web-1.11.30-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13055-1 element-web-1.11.36-1.1 on GA media
These are all security issues fixed in the element-web-1.11.36-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11790-1 element-web-1.9.9-1.1 on GA media
These are all security issues fixed in the element-web-1.9.9-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12375-1 element-web-1.11.8-1.1 on GA media
These are all security issues fixed in the element-web-1.11.8-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12295-1 element-web-1.11.4-1.1 on GA media
These are all security issues fixed in the element-web-1.11.4-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12888-1 element-web-1.11.30-2.1 on GA media
These are all security issues fixed in the element-web-1.11.30-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12823-1 element-web-1.11.26-1.1 on GA media
These are all security issues fixed in the element-web-1.11.26-1.1 package on the GA media of openSUSE Tumbleweed...
FreeBSD : element-web -- Cross site scripting in Export Chat feature (c70c3dc3-258c-11ee-b37b-901b0e9408dc)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c70c3dc3-258c-11ee-b37b-901b0e9408dc advisory. - Since the Export Chat feature generates a separate document, an attacker can only inject code run fro...
FreeBSD : element-web -- matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting (c676bb1b-e3f8-11ed-b37b-901b0e9408dc)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c676bb1b-e3f8-11ed-b37b-901b0e9408dc advisory. - matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior ...
SUSE CVE-2021-44538
The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...
CVE-2022-23597
Element Desktop before 1.9.7 is vulnerable to a remote code execution bug via user interaction that requires a malicious link click followed by another button click. The attacker can specify a binary path on the victim’s machine for execution (arguments cannot be set), and in some configurations ...
CVE-2021-44538
The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...
DEBIAN-CVE-2021-44538
The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...
Buffer overflow
The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...