26 matches found
Microsoft Windows BitLocker 安全漏洞
Microsoft Windows BitLocker is a Microsoft Corporation USA BitLocker Ensure secure backup of recovery keys before activating protection. A security vulnerability exists in Microsoft Windows BitLocker that originates from an attacker's ability to bypass certain features by exploiting the...
EUVD-2024-1554
Malicious code in bioql PyPI...
EUVD-2022-41768
Malicious code in bioql PyPI...
CVE-2022-39255
Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...
CVE-2022-39248
matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...
CVE-2024-34353
The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides ...
matrix-sdk-crypto contains a log exposure of private key of the server-side key backup
Introduction In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides a redundant copy in case all devices are lost. The key backup uses asymmetric cryptography, with each server-side key backup assign...
GHSA-9GGC-845V-GCGV matrix-sdk-crypto contains a log exposure of private key of the server-side key backup
Introduction In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides a redundant copy in case all devices are lost. The key backup uses asymmetric cryptography, with each server-side key backup assign...
CVE-2024-34353 matrix-sdk-crypto contains a log exposure of private key of the server-side key backup
The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides ...
CVE-2024-34353
The CVE-2024-34353 issue affects the matrix-sdk-crypto crate (part of the Matrix Rust SDK). A logic bug introduced in a specific commit caused the private part of the server-side backup key pair to be logged at debug time via the tracing crate, potentially exposing sensitive material on affected ...
CVE-2024-34353 matrix-sdk-crypto contains a log exposure of private key of the server-side key backup
The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides ...
CVE-2024-34353 matrix-sdk-crypto contains a log exposure of private key of the server-side key backup
The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides ...
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack
A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. An attacker could spoof historical messages from other users, and use a malicious key backup to the user's account unde...
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack
A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. An attacker could spoof historical messages from other users, and use a malicious key backup to the user's account unde...
matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion
Impact An attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability...
GHSA-FPGF-PJJV-2QGM matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion
Impact An attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability...
GHSA-R48R-J8FX-MQ2C matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion
Impact An attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability...
matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion
Impact An attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability...
Cross-site Scripting (XSS)
Matrix Android SDK 2 is vulnerable to cross-site scripting.The vulnerability exists in multiple functions in MXMegolmDecryption.kt due to a protocol confusion in order to send fake to-device messages which allows an attacker to inject the key backup secret during a self-verification...
Type confusion
Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...