170 matches found
CVE-2024-11023
Firebase JavaScript SDK utilizes a "FIREBASEDEFAULTS" cookie to store configuration data, including an "authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "authTokenSyncURL" to point to thei...
CVE-2021-40823
A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix clients...
Linux Distros Unpatched Vulnerability : CVE-2022-39249
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct...
Linux Distros Unpatched Vulnerability : CVE-2022-39251
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct...
Linux Distros Unpatched Vulnerability : CVE-2022-39250
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious...
Linux Distros Unpatched Vulnerability : CVE-2024-47080
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions versions 9.11.0 through 34.7.0, the method...
Linux Distros Unpatched Vulnerability : CVE-2022-39236
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede t...
CVE-2022-39218
The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...
CVE-2024-30253
@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with @solana/web3.js will result in memory exhaustion OOM. If you have a server, client, mobile, or desktop product that accepts untrusted input for use with @solana/web3.js, your application/service may crash, resulting in a...
PT-2025-38058
Name of the Vulnerable Software and Affected Versions: matrix-js-sdk versions prior to 38.2.0 Description: The Matrix JavaScript SDK has insufficient validation of room predecessor links in the MatrixClient::getJoinedRooms function, potentially allowing a remote attacker to replace a tombstoned...
CVE-2024-11023
Firebase JavaScript SDK utilizes a "FIREBASEDEFAULTS" cookie to store configuration data, including an "authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "authTokenSyncURL" to point to thei...
CVE-2024-11023
Firebase JavaScript SDK stores configuration data in a FIREBASE_DEFAULTS cookie, including an _authTokenSyncURL field. Connected sources describe that if an attacker can preset or modify this cookie, they can redirect the token sync URL to a malicious server and capture user session data transmit...
CVE-2024-11023 Session Hijacking in Firebase JavaScript SDK
Firebase JavaScript SDK utilizes a "FIREBASEDEFAULTS" cookie to store configuration data, including an "authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "authTokenSyncURL" to point to thei...
UBUNTU-CVE-2024-50336
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...
Malicious code in airpay-js-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2c58278d1a1134ca2368bd39a9425c1d5137f218539dfe6f346931927bc6e9a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CentOS 7 : thunderbird (RHSA-2022:6710)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6710 advisory. - When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects...
CentOS 7 : thunderbird (RHSA-2022:7184)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:7184 advisory. - Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt ...
SUSE CVE-2024-42369
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
DEBIAN-CVE-2024-42369
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
UBUNTU-CVE-2024-42369
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...