Lucene search
K

17 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-6668

Malicious code in bioql PyPI...

7.5CVSS6.2AI score0.00626EPSS
Exploits0References6
Veracode
Veracode
added 2022/10/04 4:44 a.m.21 views

Authentication Bypass

Matrix Android SDK 2 is vulnerable to authentication bypass. The vulnerability exists in onRoomKeyEvent function of DefaultCryptoService.kt due to lack of entity authentication for key forwarding strategy which allows an attacker to cooperate with a malicious home server...

7.5CVSS5.5AI score0.00626EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2022/09/29 6:54 a.m.17 views

Cross-site Scripting (XSS)

Matrix Android SDK 2 is vulnerable to cross-site scripting.The vulnerability exists in multiple functions in MXMegolmDecryption.kt due to a protocol confusion in order to send fake to-device messages which allows an attacker to inject the key backup secret during a self-verification...

8.6CVSS7.1AI score0.0072EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/09/28 8:15 p.m.47 views

CVE-2022-39248

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

8.6CVSS0.0072EPSS
Exploits0References4
NVD
NVD
added 2022/09/28 8:15 p.m.42 views

CVE-2022-39246

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others...

7.5CVSS0.00626EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/09/28 8:5 p.m.7 views

CVE-2022-39248 matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

8.6CVSS8.6AI score0.0072EPSS
Exploits0References4
CVE
CVE
added 2022/09/28 8:5 p.m.93 views

CVE-2022-39248

Summary (Mode C): CVE-2022-39248 affects matrix-android-sdk2 prior to 1.5.1. A protocol confusion vulnerability permits an attacker cooperating with a malicious homeserver to craft to-device messages that appear to originate from another user, bypassing indicators like a grey shield. In a targete...

8.6CVSS7.7AI score0.0072EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2022/09/28 8:0 p.m.85 views

CVE-2022-39246

matrix-android-sdk2 (Android Matrix SDK) before version 1.5.1 is vulnerable: an attacker collaborating with a malicious homeserver can craft messages that appear from another user due to an overly permissive key-forwarding policy. Starting with 1.5.1, the default key-forwarding policy is stricter...

7.5CVSS5.5AI score0.00626EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/28 8:0 p.m.7 views

CVE-2022-39246 matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others...

7.5CVSS7.4AI score0.00626EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/09/28 12:0 a.m.3 views

PT-2022-24840 · Unknown · Matrix-Android-Sdk

Name of the Vulnerable Software and Affected Versions: matrix-android-sdk2 versions prior to 1.5.1 Description: An attacker cooperating with a malicious homeserver can construct messages that appear to have come from another person without any indication. This vulnerability can be used to perform...

8.6CVSS7.5AI score0.0072EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2022/09/28 12:0 a.m.4 views

PT-2022-24839 · Unknown · Matrix-Android-Sdk2

Name of the Vulnerable Software and Affected Versions: matrix-android-sdk2 versions prior to 1.5.1 Description: An attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms,...

7.5CVSS5.8AI score0.00626EPSS
Exploits0References10
FreeBSD
FreeBSD
added 2022/09/23 12:0 a.m.78 views

Matrix clients -- several vulnerabilities

Matrix developers report: Two critical severity vulnerabilities in end-to-end encryption were found in the SDKs which power Element, Beeper, Cinny, SchildiChat, Circuli, Synod.im and any other clients based on matrix-js-sdk, matrix-ios-sdk or matrix-android-sdk2...

8.6CVSS2.6AI score0.01001EPSS
Exploits0References1
NVD
NVD
added 2021/09/13 7:15 p.m.26 views

CVE-2021-40824

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...

5.9CVSS0.00641EPSS
Exploits0References2
OSV
OSV
added 2021/09/13 7:15 p.m.23 views

CVE-2021-40824

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...

5.9CVSS6.5AI score
Exploits0References2
CVE
CVE
added 2021/09/13 6:49 p.m.96 views

CVE-2021-40824

The CVE-2021-40824 issue affects Element Android prior to 1.2.2 and matrix-android-sdk2 (Matrix SDK for Android). A logic error in the room key sharing functionality allows a malicious Matrix homeserver in an encrypted room to steal room encryption keys via crafted Matrix protocol messages, enabl...

5.9CVSS5.4AI score0.00641EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2021/09/13 6:49 p.m.26 views

CVE-2021-40824

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 aka Matrix SDK for Android before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were...

5.7AI score0.00641EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/09/13 12:0 a.m.6 views

Element Android 加密问题漏洞

Element Android is the Android Matrix client provided by Element. A cryptographic issue vulnerability exists in Element Android prior to version 1.2.2 and matrix-android-sdk2 prior to version 1.2.2, which stems from a logic error in the device's room key sharing functionality that results in...

5.9CVSS5.9AI score0.00641EPSS
Exploits0References4
Rows per page
Query Builder