USN-5525-1: Apache XML Security for Java vulnerability

It was discovered that Apache XML Security for Java incorrectly passed a configuration property when creating specific key elements. This allows an attacker to abuse an XPath Transform to extract sensitive information...

Information Disclosure

riot-web is vulnerable to information disclosure.A logic error in the room key sharing functionality of Element Android allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix...