Lucene search
K

131 matches found

Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.4 views

PT-2025-29132 · Unknown · Matrix-Sdk

Name of the Vulnerable Software and Affected Versions: matrix-sdk versions 0.11 through 0.12 Description: An SQL injection vulnerability exists in the EventCache::find event with relations method. This allows malicious room members to execute arbitrary SQL commands in Matrix clients that directly...

7.7CVSS8AI score0.00254EPSS
Exploits0References11
RustSec
RustSec
added 2025/06/11 12:0 p.m.10 views

matrix-sdk-crypto vulnerable to encrypted event sender spoofing by homeserver administrator

matrix-sdk-crypto versions 0.8.0 up to and including 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although th...

4.9CVSS7.2AI score0.00311EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/06/11 12:0 p.m.5 views

RUSTSEC-2025-0041 matrix-sdk-crypto vulnerable to encrypted event sender spoofing by homeserver administrator

matrix-sdk-crypto versions 0.8.0 up to and including 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although th...

4.9CVSS5.5AI score0.00311EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/06/11 2:45 a.m.3 views

SUSE CVE-2025-48937

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...

4.9CVSS6.9AI score0.00311EPSS
Exploits0References3
OSV
OSV
added 2025/06/10 8:15 p.m.9 views

GHSA-X958-RVG6-956W matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator

Summary matrix-sdk-crypto since version 0.8.0 up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although the...

4.9CVSS6.9AI score0.00311EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/06/10 8:15 p.m.17 views

matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator

Summary matrix-sdk-crypto since version 0.8.0 up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although the...

4.9CVSS5AI score0.00311EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/10 3:32 p.m.8 views

CVE-2025-48937 matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...

4.9CVSS5AI score0.00311EPSS
Exploits0References4
CVE
CVE
added 2025/06/10 3:32 p.m.117 views

CVE-2025-48937

The CVE-2025-48937 issue affects matrix-sdk-crypto (part of matrix-rust-sdk). Versions 0.8.0 through 0.11.0 do not properly validate the sender of an encrypted event, allowing a malicious homeserver operator to modify encrypted events served to clients so that recipients see them as from another ...

4.9CVSS5AI score0.00311EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 10:45 a.m.4 views

CVE-2024-52813

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicatio...

4.3CVSS6.8AI score0.00467EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:24 a.m.6 views

CVE-2024-40648

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The UserIdentity::isverified method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result retur...

5.4CVSS6.6AI score0.0028EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:34 a.m.5 views

CVE-2023-28103

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...

8.2CVSS6.7AI score0.00712EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:45 p.m.9 views

CVE-2022-36060

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

8.2CVSS6.5AI score0.00906EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 7:36 p.m.10 views

CVE-2022-39246

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others...

7.5CVSS6.6AI score0.00655EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:31 p.m.10 views

CVE-2022-39248

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

8.6CVSS6.7AI score0.00753EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/02/05 3:51 a.m.2 views

SUSE CVE-2024-52813

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicatio...

4.3CVSS6.9AI score0.00467EPSS
Exploits0References3
OSV
OSV
added 2025/01/07 3:25 p.m.13 views

GHSA-R5VF-WF4H-82GG matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity

Impact Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. Patches matrix-sdk-crypto...

4.3CVSS4.5AI score0.00467EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2025/01/07 3:25 p.m.3 views

alerter (>=0.3.0 <=0.3.1), maruc (=0.1.0) +9 more potentially affected by CVE-2024-52813 via matrix-sdk-crypto (>=0.1.0 <=0.5.0)

matrix-sdk-crypto CARGO version =0.1.0, =0.3.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.10-alpha, =0.13.0, =0.13.1 Source cves: CVE-2024-52813 Source advisory: OSV:GHSA-R5VF-WF4H-82GG...

4.3CVSS5.8AI score0.00467EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/01/07 3:25 p.m.17 views

matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity

Impact Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. Patches matrix-sdk-crypto...

4.3CVSS4.5AI score0.00467EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/01/07 3:25 p.m.5 views

CVE-2024-52813 matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicatio...

4.3CVSS6.5AI score0.00467EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/01/07 3:25 p.m.9 views

CVE-2024-52813 matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicatio...

4.3CVSS7AI score0.00467EPSS
Exploits0References2
Rows per page
Query Builder