Lucene search
K

14 matches found

Vulnrichment
Vulnrichment
added 2025/12/05 5:47 p.m.2 views

CVE-2025-66549 Nextcloud Desktop discloses information when attempting to lock a file inside a end-to-end encrypted directory

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...

2.4CVSS6.2AI score0.00242EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/08/06 5:16 p.m.17 views

CVE-2024-42347 URL preview setting for a room is controllable by the homeserver in matrix-react-sdk

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the...

7.7CVSS6.7AI score0.00427EPSS
Exploits0References2
OSV
OSV
added 2024/08/06 2:12 p.m.17 views

GHSA-F83W-WQHC-CFP4 Matrix SDK for React's URL preview setting for a room is controllable by the homeserver

Impact A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. Even if the CVSS score would be 4.1 AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N the...

5.1CVSS6.6AI score0.00427EPSS
Exploits0References4
CNVD
CNVD
added 2023/09/26 12:0 a.m.17 views

Yunnan ChainDrop Technology Co., Ltd.'s Siyuan Notes Software Web Application Has XSS Vulnerability

SiYuan Notes Software Web App is a privacy-first personal knowledge management system that supports full offline use as well as end-to-end encrypted synchronization. Yunnan ChainDrop Technology Co., Ltd. has an XSS vulnerability in the Siyuan Notes Software Web application, which can be exploited...

5.8AI score
Exploits0
Veracode
Veracode
added 2023/04/18 8:33 p.m.35 views

Weak Encryption

nextcloud-desktop is vulnerable to Weak Encryption. The vulnerability allows a malicious server administrator to recover and modify contents of end-to-end encrypted files...

6.7CVSS6.1AI score0.00679EPSS
Exploits1References4Affected Software2
OSV
OSV
added 2023/04/04 1:15 p.m.2 views

DEBIAN-CVE-2023-28998

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new...

6.1CVSS6.3AI score0.00679EPSS
Exploits1References1
Kitploit
Kitploit
added 2022/10/10 11:30 a.m.26 views

HSTP - Simple Hyper Service Transfer Protocol On Networks

The protocol aims to develop a application layer abstraction for the Hyper Service Transfer Protocol. HSTP is a recursion as nature of HSTP. This protocol implements itself as a interface. On every internet connected device, there is a HSTP instance. That's why the adoption is not needed. HSTP...

6.9AI score
Exploits0References9
Prion
Prion
added 2021/09/13 7:15 p.m.19 views

Code injection

A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...

4.3CVSS5.5AI score0.00641EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/09/13 6:49 p.m.26 views

CVE-2021-40824

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...

5.7AI score0.00641EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2021/09/13 6:45 p.m.14 views

CVE-2021-40823

A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...

5.9CVSS5.5AI score0.00641EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2021/09/13 6:45 p.m.49 views

CVE-2021-40823

A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...

5.9CVSS5.5AI score0.00641EPSS
Exploits0
Wired Threat Level
Wired Threat Level
added 2020/11/29 12:0 p.m.41 views

What Is the Signal Encryption Protocol?

As the Signal protocol becomes the industry standard, it's worth understanding what sets it apart from other forms of end-to-end encrypted messaging...

2.8AI score
Exploits0
ThreatPost
ThreatPost
added 2017/01/17 10:24 a.m.13 views

Why WhatsApp's 'Backdoor' Isn't a Backdoor

Accusations that WhatsApp has a backdoor intended for eavesdropping on user messages is being loudly rebuked by Facebook-owned WhatsApp and Open Whisper Systems, the company that developed the underlying encryption technology for the platform. Dismissal of the published claims by The Guardian are...

6.8AI score
Exploits0References4
The Hacker News
The Hacker News
added 2016/05/08 9:48 p.m.8 views

How to Use Apple's iMessage on Android Phone

If you wish to send iMessages from your Android smartphone to a friend who owns an iPhone, it's possible now, at least for those who own MacBooks and iMacs. A developer has come up with a smart solution to bring Apple's iPhone messaging platform to Android phones. Though the solution is not...

6.7AI score
Exploits0
Rows per page
Query Builder