Lucene search
+L

72 matches found

OSV
OSV
added 2022/09/30 12:41 a.m.26 views

GHSA-R48R-J8FX-MQ2C matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion

Impact An attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability...

8.6CVSS8AI score0.00913EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/09/30 12:41 a.m.29 views

matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion

Impact An attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability...

8.6CVSS7.8AI score0.00913EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2022/09/28 9:15 p.m.25 views

Type confusion

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

5CVSS7.2AI score0.00753EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/09/28 8:35 p.m.46 views

CVE-2022-39255 Matrix iOS SDK vulnerable ton Olm/Megolm protocol confusion

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS8.5AI score0.00753EPSS
Exploits0References4
OSV
OSV
added 2022/09/28 8:35 p.m.27 views

CVE-2022-39255 Matrix iOS SDK vulnerable ton Olm/Megolm protocol confusion

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS7.7AI score0.00753EPSS
Exploits0References6
NVD
NVD
added 2022/09/28 8:15 p.m.10 views

CVE-2022-39251

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS0.00913EPSS
Exploits0References5
OSV
OSV
added 2022/09/28 8:15 p.m.1 views

DEBIAN-CVE-2022-39251

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

7.5CVSS7.5AI score0.00913EPSS
Exploits0References1
NVD
NVD
added 2022/09/28 8:15 p.m.48 views

CVE-2022-39248

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

8.6CVSS0.00753EPSS
Exploits0References4
Prion
Prion
added 2022/09/28 8:15 p.m.23 views

Design/Logic Flaw

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

5CVSS7.5AI score0.00753EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2022/09/28 8:15 p.m.35 views

CVE-2022-39251

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS7.1AI score0.00913EPSS
Exploits0References6
OSV
OSV
added 2022/09/28 8:15 p.m.5 views

UBUNTU-CVE-2022-39251

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS7AI score0.00913EPSS
Exploits0References7
Cvelist
Cvelist
added 2022/09/28 8:5 p.m.54 views

CVE-2022-39248 matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

8.6CVSS8.8AI score0.00753EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2022/09/28 12:0 a.m.53 views

CVE-2022-39251

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS8.2AI score0.00913EPSS
Exploits0
Cvelist
Cvelist
added 2022/09/28 12:0 a.m.21 views

CVE-2022-39251 Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS8.2AI score0.00913EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2022/09/28 12:0 a.m.35 views

CVE-2022-39251

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS8.2AI score0.00913EPSS
Exploits0
OSV
OSV
added 2022/09/28 12:0 a.m.21 views

CVE-2022-39251 Matrix Javascript SDK vulnerable to Olm/Megolm protocol confusion

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS8.3AI score0.00913EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.21 views

Mageia: Security Advisory (MGASA-2021-0571)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.01921EPSS
Exploits0References4
Mageia
Mageia
added 2021/12/19 4:13 p.m.35 views

Updated olm packages fix security vulnerability

Updated olm packages fix security vulnerability: The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of t...

9.8CVSS1.6AI score0.01921EPSS
Exploits0References2
OSV
OSV
added 2021/12/19 4:13 p.m.6 views

MGASA-2021-0571 Updated olm packages fix security vulnerability

Updated olm packages fix security vulnerability: The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of t...

9.8CVSS9.7AI score0.01921EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2021/12/15 1:45 p.m.24 views

USN-5194-1: Olm vulnerability

Denis Kasak discovered that Olm was not verifying the length of input being processed by the olmpkdecrypt module, which introduced a stack-based buffer overflow vulnerability to the library. An attacker could use this to cause a denial of service application crash or possibly execute arbitrary co...

9.8CVSS8.7AI score0.04262EPSS
Exploits1
Rows per page
Query Builder