Lucene search
+L

71 matches found

osv
osv
added 2024/10/15 3:28 p.m.12 views

CVE-2024-47779 Element Web vulnerable to potential exposure of access token via authenticated media

Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally,...

7CVSS6.8AI score0.00417EPSS
Exploits0References4
cvelist
cvelist
added 2024/10/15 3:28 p.m.43 views

CVE-2024-47779 Element Web vulnerable to potential exposure of access token via authenticated media

Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally,...

7CVSS0.00417EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/10/15 12:0 a.m.3 views

PT-2024-32811 · Element · Element Web

Name of the Vulnerable Software and Affected Versions: Element Web versions 1.11.70 through 1.11.80 Description: The issue is related to the exposure of access tokens to third parties under specially crafted conditions. At least one vector has been identified, involving malicious widgets, but oth...

7CVSS7.1AI score0.00417EPSS
Exploits0References9
freebsd
freebsd
added 2024/10/15 12:0 a.m.9 views

element-web -- Potential exposure of access token via authenticated media

Element team reports: Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors...

7CVSS7.1AI score0.00417EPSS
Exploits0References1
osv
osv
added 2024/08/27 12:0 a.m.7 views

OPENSUSE-SU-2024:14289-1 element-web-1.11.75-1.1 on GA media

These are all security issues fixed in the element-web-1.11.75-1.1 package on the GA media of openSUSE Tumbleweed...

5.3CVSS4.8AI score0.00455EPSS
Exploits0References1
osv
osv
added 2024/08/07 12:0 a.m.8 views

OPENSUSE-SU-2024:14242-1 element-web-1.11.73-1.1 on GA media

These are all security issues fixed in the element-web-1.11.73-1.1 package on the GA media of openSUSE Tumbleweed...

7.7CVSS7AI score0.00427EPSS
Exploits0References1
osv
osv
added 2024/06/15 12:0 a.m.6 views

OPENSUSE-SU-2024:12884-1 element-web-1.11.30-1.1 on GA media

These are all security issues fixed in the element-web-1.11.30-1.1 package on the GA media of openSUSE Tumbleweed...

5.4CVSS5AI score0.00617EPSS
Exploits0References1
osv
osv
added 2024/06/15 12:0 a.m.6 views

OPENSUSE-SU-2024:13055-1 element-web-1.11.36-1.1 on GA media

These are all security issues fixed in the element-web-1.11.36-1.1 package on the GA media of openSUSE Tumbleweed...

6.1CVSS5.9AI score0.00448EPSS
Exploits0References1
osv
osv
added 2024/06/15 12:0 a.m.6 views

OPENSUSE-SU-2024:11790-1 element-web-1.9.9-1.1 on GA media

These are all security issues fixed in the element-web-1.9.9-1.1 package on the GA media of openSUSE Tumbleweed...

8.8CVSS8.9AI score0.0148EPSS
Exploits0References1
osv
osv
added 2024/06/15 12:0 a.m.25 views

OPENSUSE-SU-2024:12375-1 element-web-1.11.8-1.1 on GA media

These are all security issues fixed in the element-web-1.11.8-1.1 package on the GA media of openSUSE Tumbleweed...

8.6CVSS6.8AI score0.01047EPSS
Exploits0References4
osv
osv
added 2024/06/15 12:0 a.m.11 views

OPENSUSE-SU-2024:12295-1 element-web-1.11.4-1.1 on GA media

These are all security issues fixed in the element-web-1.11.4-1.1 package on the GA media of openSUSE Tumbleweed...

8.2CVSS6.9AI score0.0094EPSS
Exploits0References1
osv
osv
added 2024/06/15 12:0 a.m.17 views

OPENSUSE-SU-2024:12888-1 element-web-1.11.30-2.1 on GA media

These are all security issues fixed in the element-web-1.11.30-2.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS7.6AI score0.01093EPSS
Exploits1References1
osv
osv
added 2024/06/15 12:0 a.m.10 views

OPENSUSE-SU-2024:12823-1 element-web-1.11.26-1.1 on GA media

These are all security issues fixed in the element-web-1.11.26-1.1 package on the GA media of openSUSE Tumbleweed...

8.2CVSS8.2AI score0.01185EPSS
Exploits0References1
nessus
nessus
added 2023/07/18 12:0 a.m.16 views

FreeBSD : element-web -- Cross site scripting in Export Chat feature (c70c3dc3-258c-11ee-b37b-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c70c3dc3-258c-11ee-b37b-901b0e9408dc advisory. - Since the Export Chat feature generates a separate document, an attacker can only inject code run fro...

6.1CVSS5.8AI score0.00448EPSS
Exploits0References3
nessus
nessus
added 2023/04/26 12:0 a.m.24 views

FreeBSD : element-web -- matrix-react-sdk vulnerable to HTML injection in search results via plaintext message highlighting (c676bb1b-e3f8-11ed-b37b-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c676bb1b-e3f8-11ed-b37b-901b0e9408dc advisory. - matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior ...

5.4CVSS5.1AI score0.00617EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 3:36 a.m.4 views

SUSE CVE-2021-44538

The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...

8.1CVSS9.5AI score0.01921EPSS
Exploits0References6
cve
cve
added 2022/02/01 11:49 a.m.136 views

CVE-2022-23597

Element Desktop before 1.9.7 is vulnerable to a remote code execution bug via user interaction that requires a malicious link click followed by another button click. The attacker can specify a binary path on the victim’s machine for execution (arguments cannot be set), and in some configurations ...

8.8CVSS8.8AI score0.0148EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2021/12/14 2:15 p.m.17 views

CVE-2021-44538

The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...

9.8CVSS0.01921EPSS
Exploits0References4
osv
osv
added 2021/12/14 2:15 p.m.2 views

DEBIAN-CVE-2021-44538

The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...

9.8CVSS9.1AI score0.01921EPSS
Exploits0References1
prion
prion
added 2021/12/14 2:15 p.m.20 views

Buffer overflow

The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...

7.5CVSS9.4AI score0.01921EPSS
Exploits0References4Affected Software6
Rows per page
Query Builder