6 matches found
CVE-2025-58576
Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a malicious page while logged in, unintended operations may be performed...
EUVD-2024-2372
Malicious code in bioql PyPI...
PT-2024-31475 · Unknown +1 · Matrix Libolm +1
Name of the Vulnerable Software and Affected Versions: Matrix libolm versions through 3.2.16 Description: An issue was discovered in Matrix libolm, where cache-timing attacks can occur due to the use of base64 when decoding group session keys. This vulnerability only affects products that are no...
GHSA-J8CM-G7R6-HFPQ vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material
Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...
vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material
Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...
RUSTSEC-2024-0354 Usage of non-constant time base64 decoder could lead to leakage of secret key material
Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...