131 matches found
alerter (>=0.3.0 <=0.3.1), maruc (=0.1.0) +9 more potentially affected by CVE-2024-52813 via matrix-sdk-crypto (>=0.1.0 <=0.5.0)
matrix-sdk-crypto CARGO version =0.1.0, =0.3.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.10-alpha, =0.13.0, =0.13.1 Source cves: CVE-2024-52813 Source advisory: OSV:RUSTSEC-2024-0434...
Missing facility to signal rotation of a verified cryptographic identity
Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. matrix-sdk-crypto 0.8.0 adds a n...
PT-2024-35461 · Unknown · Matrix-Sdk-Crypto
Name of the Vulnerable Software and Affected Versions: matrix-sdk-crypto versions prior to 0.8.0 Description: The issue concerns a lack of a dedicated mechanism to notify when a user's cryptographic identity changes from verified to unverified, potentially causing client applications to overlook...
RLSA-2023:1809 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fixes: Thunderbird: Revocation status of S/Mime recipient certificates was not checked CVE-2023-0547 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to...
thunderbird security update
An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. This updat...
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack
The Mozilla Foundation Security Advisory describes this flaw as: Thunderbird users who use the Matrix chat protocol were vulnerable to a denial-of-service attack...
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack
The Mozilla Foundation Security Advisory describes this flaw as: Thunderbird users who use the Matrix chat protocol were vulnerable to a denial-of-service attack...
Updated thunderbird packages fix security vulnerability
Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack. CVE-2023-28427...
MGASA-2023-0132 Updated thunderbird packages fix security vulnerability
Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack. CVE-2023-28427...
DEBIAN-CVE-2022-36059
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
SUSE CVE-2022-39236
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
USN-5724-1 thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass Content Security Policy CSP or other security restrictions, or execute...
USN-5724-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass Content Security Policy CSP or other security restrictions, or execute...
PT-2022-26135 · Matrix · Element Ios
Name of the Vulnerable Software and Affected Versions: Element iOS versions prior to 1.9.7 Description: The issue affects the Element iOS client, which is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated...
Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2022:7184)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:7184-1 advisory. - Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators CVE-2022-39249 - Mozilla:...
GHSA-FC4H-XCF3-QJ5F matrix-sdk 0.6.0 logs access tokens
When sending Matrix requests using an affected version of matrix-sdk in an application that writes logs using tracing-subscriber in a way that includes fields of tracing spans such as tracingsubscribers default text output from the fmt module, these logs will contain the user's access token...
matrix-sdk 0.6.0 logs access tokens
When sending Matrix requests using an affected version of matrix-sdk in an application that writes logs using tracing-subscriber in a way that includes fields of tracing spans such as tracingsubscribers default text output from the fmt module, these logs will contain the user's access token...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack
A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could interfere with cross-device verification to authenticate their own device...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...