EUVD-2022-41769

Malicious code in bioql PyPI...

CVE-2022-42443

An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535...

CVE-2022-39255

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

CVE-2022-39257

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...

CVE-2022-42443 Trusteer for mobile file upload

An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535...

CVE-2023-43585

Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access...

CVE-2022-39257

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...

CVE-2022-39255

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

Type confusion

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

Design/Logic Flaw

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...

CVE-2022-39257 Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...

CVE-2022-39257 Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...

CVE-2022-39257

The CVE concerns Matrix iOS SDK prior to 0.23.19, where a too-permissive key forwarding policy allows an attacker coordinating with a malicious homeserver to create messages that appear to come from another user. The SDK now enforces stricter forwarding: forwarded keys are accepted only in respon...

CVE-2022-39257 Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...

CVE-2022-39255 Matrix iOS SDK vulnerable ton Olm/Megolm protocol confusion

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

CVE-2022-39255 Matrix iOS SDK vulnerable ton Olm/Megolm protocol confusion

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

CVE-2022-39255

Summary (CVE-2022-39255): The Matrix iOS SDK (prior to 0.23.19) is vulnerable to protocol confusion between Megolm and Olm for to-device messages. An attacker collaborating with a malicious homeserver can craft messages that appear to come from another user, enabling impersonation and targeted at...

PT-2022-24847 · Unknown · Matrix Ios Sdk

Name of the Vulnerable Software and Affected Versions: matrix-ios-sdk versions prior to 0.23.19 Description: The issue allows an attacker cooperating with a malicious homeserver to construct messages that appear to have come from another person without indication. A sophisticated attacker could...

Matrix clients -- several vulnerabilities

Matrix developers report: Two critical severity vulnerabilities in end-to-end encryption were found in the SDKs which power Element, Beeper, Cinny, SchildiChat, Circuli, Synod.im and any other clients based on matrix-js-sdk, matrix-ios-sdk or matrix-android-sdk2...