MiracleLinux 9 : thunderbird-102.4.0-1.el9.ML.1 (AXSA:2022-4248:24)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-4248:24 advisory. Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators CVE-2022-39249 Mozilla: Matrix...

CVE-2024-34353

The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides ...

EUVD-2021-0602

Malware in sbrugna...

EUVD-2024-2571

Malicious code in bioql PyPI...

EUVD-2022-4389

Malicious code in bioql PyPI...

EUVD-2025-21024

Malicious code in bioql PyPI...

CVE-2025-59160

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...

CVE-2025-59160 matrix-js-sdk has insufficient validation when considering a room to be upgraded by another

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...

CVE-2024-40648

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The UserIdentity::isverified method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result retur...

CVE-2022-39246

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others...

CVE-2022-39248

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

CVE-2024-52813

CVE-2024-52813 concerns matrix-sdk-crypto in the matrix-rust-sdk. Version pre-0.8.0 lacks a dedicated mechanism to notify when a user’s cryptographic identity changes from verified to unverified, potentially causing clients to overlook such changes. The fix introduced in 0.8.0 adds a new Verifica...

CVE-2024-52813 matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicatio...

CVE-2024-52813 matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicatio...

GHSA-F83W-WQHC-CFP4 Matrix SDK for React's URL preview setting for a room is controllable by the homeserver

Impact A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. Even if the CVSS score would be 4.1 AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N the...

Matrix SDK for React's URL preview setting for a room is controllable by the homeserver

Impact A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. Even if the CVSS score would be 4.1 AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N the...

CVE-2024-34353 matrix-sdk-crypto contains a log exposure of private key of the server-side key backup

The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. In Matrix, the server-side key backup stores encrypted copies of Matrix message keys. This facilitates key sharing between a user's devices and provides ...

CVE-2024-34353

The CVE-2024-34353 issue affects the matrix-sdk-crypto crate (part of the Matrix Rust SDK). A logic bug introduced in a specific commit caused the private part of the server-side backup key pair to be logged at debug time via the tracing crate, potentially exposing sensitive material on affected ...

RLSA-2023:1809 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fixes: Thunderbird: Revocation status of S/Mime recipient certificates was not checked CVE-2023-0547 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to...

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. This updat...