Lucene search
K

131 matches found

vulnersOsv
vulnersOsv
added 2024/01/07 12:0 p.m.6 views

alerter (>=0.3.0 <=0.3.1), maruc (=0.1.0) +9 more potentially affected by CVE-2024-52813 via matrix-sdk-crypto (>=0.1.0 <=0.5.0)

matrix-sdk-crypto CARGO version =0.1.0, =0.3.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.10-alpha, =0.13.0, =0.13.1 Source cves: CVE-2024-52813 Source advisory: OSV:RUSTSEC-2024-0434...

4.3CVSS5.8AI score0.00467EPSS
Exploits0
RustSec
RustSec
added 2024/01/07 12:0 p.m.5 views

Missing facility to signal rotation of a verified cryptographic identity

Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. matrix-sdk-crypto 0.8.0 adds a n...

4.3CVSS7AI score0.00467EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/07 12:0 a.m.3 views

PT-2024-35461 · Unknown · Matrix-Sdk-Crypto

Name of the Vulnerable Software and Affected Versions: matrix-sdk-crypto versions prior to 0.8.0 Description: The issue concerns a lack of a dedicated mechanism to notify when a user's cryptographic identity changes from verified to unverified, potentially causing client applications to overlook...

4.3CVSS7.4AI score0.00467EPSS
Exploits0References13
OSV
OSV
added 2023/04/26 3:29 p.m.38 views

RLSA-2023:1809 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fixes: Thunderbird: Revocation status of S/Mime recipient certificates was not checked CVE-2023-0547 Mozilla: Matrix SDK bundled with Thunderbird vulnerable to...

8.8CVSS8.8AI score0.01185EPSS
Exploits0References13
Rockylinux
Rockylinux
added 2023/04/26 3:28 p.m.42 views

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. This updat...

8.8CVSS8.9AI score0.01185EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/04/17 2:15 p.m.7 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack

The Mozilla Foundation Security Advisory describes this flaw as: Thunderbird users who use the Matrix chat protocol were vulnerable to a denial-of-service attack...

8.2CVSS7.3AI score0.01185EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2023/04/17 2:10 p.m.5 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack

The Mozilla Foundation Security Advisory describes this flaw as: Thunderbird users who use the Matrix chat protocol were vulnerable to a denial-of-service attack...

8.2CVSS7.3AI score0.01185EPSS
Exploits0References7
Mageia
Mageia
added 2023/04/11 7:2 p.m.36 views

Updated thunderbird packages fix security vulnerability

Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack. CVE-2023-28427...

8.2CVSS8.1AI score0.01185EPSS
Exploits0References3
OSV
OSV
added 2023/04/11 7:2 p.m.4 views

MGASA-2023-0132 Updated thunderbird packages fix security vulnerability

Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack. CVE-2023-28427...

8.2CVSS8.3AI score0.01185EPSS
Exploits0References4
OSV
OSV
added 2023/03/28 9:15 p.m.1 views

DEBIAN-CVE-2022-36059

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...

5.3CVSS6.4AI score0.0094EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:23 a.m.3 views

SUSE CVE-2022-39236

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...

4.3CVSS9.1AI score0.01047EPSS
Exploits0References4
OSV
OSV
added 2022/11/11 8:28 p.m.3 views

USN-5724-1 thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass Content Security Policy CSP or other security restrictions, or execute...

8.8CVSS7AI score0.01342EPSS
Exploits0References16
Ubuntu
Ubuntu
added 2022/11/11 8:28 p.m.61 views

USN-5724-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass Content Security Policy CSP or other security restrictions, or execute...

8.8CVSS7.7AI score0.01342EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2022/11/11 12:0 a.m.4 views

PT-2022-26135 · Matrix · Element Ios

Name of the Vulnerable Software and Affected Versions: Element iOS versions prior to 1.9.7 Description: The issue affects the Element iOS client, which is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated...

6.5CVSS6.2AI score0.0041EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/11/01 12:0 a.m.27 views

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2022:7184)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:7184-1 advisory. - Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators CVE-2022-39249 - Mozilla:...

8.8CVSS7.6AI score0.01047EPSS
Exploits0References9
OSV
OSV
added 2022/10/25 8:22 p.m.16 views

GHSA-FC4H-XCF3-QJ5F matrix-sdk 0.6.0 logs access tokens

When sending Matrix requests using an affected version of matrix-sdk in an application that writes logs using tracing-subscriber in a way that includes fields of tracing spans such as tracingsubscribers default text output from the fmt module, these logs will contain the user's access token...

7.1AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/10/25 8:22 p.m.19 views

matrix-sdk 0.6.0 logs access tokens

When sending Matrix requests using an affected version of matrix-sdk in an application that writes logs using tracing-subscriber in a way that includes fields of tracing spans such as tracingsubscribers default text output from the fmt module, these logs will contain the user's access token...

4.3AI score
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2022/10/25 3:27 p.m.39 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

8.8CVSS6.7AI score0.01047EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2022/10/25 2:53 p.m.5 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack

A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could interfere with cross-device verification to authenticate their own device...

8.6CVSS7.3AI score0.00942EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/10/25 2:37 p.m.44 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

8.8CVSS6.7AI score0.01047EPSS
Exploits0References9
Rows per page
Query Builder