43 matches found
Astra Linux - уязвимость в thunderbird
The Matrix JavaScript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker working alongside a malicious home server could create messages that appeared to be sent by another person, without any indication such as a gray shield. Additionally, a sophisticated...
EUVD-2024-2372
Malicious code in bioql PyPI...
EUVD-2022-45042
Malicious code in bioql PyPI...
CVE-2022-41904
Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly with warning shields. Therefore a malicious homeserver could inject messages into the...
CVE-2022-39255
Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...
vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material
Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...
GHSA-J8CM-G7R6-HFPQ vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material
Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...
CVE-2024-40640
vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some...
CVE-2024-40640
CVE-2024-40640 affects the vodozemac project (Rust) prior to version 0.7.0. The flaw is in a non-constant time base64 implementation used when importing key material for Megolm group sessions and for PkDecryption Ed25519 secret keys. This may allow a local attacker to observe timing variations du...
CVE-2024-40640 Usage of non-constant time base64 decoder could lead to leakage of secret key material in vodozemac
vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some...
CVE-2024-40640 Usage of non-constant time base64 decoder could lead to leakage of secret key material in vodozemac
vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some...
Usage of non-constant time base64 decoder could lead to leakage of secret key material
Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...
RUSTSEC-2024-0354 Usage of non-constant time base64 decoder could lead to leakage of secret key material
Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...
CVE-2024-34063
vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies the Dalek crates, which moved secret zeroization capabilities behind a feature flag and...
SUSE CVE-2022-39251
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...
CVE-2022-41904
Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly with warning shields. Therefore a malicious homeserver could inject messages into the...
Code injection
Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly with warning shields. Therefore a malicious homeserver could inject messages into the...
Matrix 安全漏洞
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability exists in Matrix Element iOS versions prior to 1.9.7, which stems from the fact that events it encrypts using Megolm sessions for which trust cannot be established are not trimmed...
PT-2022-26135 · Matrix · Element Ios
Name of the Vulnerable Software and Affected Versions: Element iOS versions prior to 1.9.7 Description: The issue affects the Element iOS client, which is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated...
CVE-2022-41904 Element iOS is vulnerable due to missing decoration for events decrypted with untrusted Megolm sessions
Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly with warning shields. Therefore a malicious homeserver could inject messages into the...