Filter
AND

Software

matrix synapse
10
matrix javascript sdk
5
matrix software development kit
4
matrix sydent
3
matrix dendrite
2
matrix matrix irc bridge
2
matrix gomatrixserverlib
1
matrix matrix-react-sdk
1
matrix matrix-rust-sdk
1
matrix react sdk
1

npm/matrix-react-sdkURL preview setting for a room is controllable by the homeserver in matrix-react-sdk

high
7.7
First published (updated )
CVE-2024-42347

Matrix React SdkPrototype pollution in matrix-react-sdk

high
8.2
First published (updated )
CVE-2022-36060

npm/matrix-js-sdkPrototype pollution in matrix-js-sdk

high
8.2
First published (updated )
CVE-2023-28427

Matrix Matrix-rust-sdkWhen matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder

high
8.6
First published (updated )
CVE-2022-39252

Matrix Software Development KitMatrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions

high
7.5
First published (updated )
CVE-2022-39257

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Matrix Software Development KitMatrix iOS SDK vulnerable ton Olm/Megolm protocol confusion

high
8.6
First published (updated )
CVE-2022-39255

Matrix Software Development Kitmatrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion

high
8.6
First published (updated )
CVE-2022-39248

Matrix Software Development Kitmatrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions

high
7.5
First published (updated )
CVE-2022-39246

Mozilla ThunderbirdMatrix Javascript SDK vulnerable to impersonation via forwarded Megolm sessions

high
7.5
First published (updated )
CVE-2022-39249

Mozilla ThunderbirdMatrix JavaScript SDK vulnerable to key/device identifier confusion in SAS verification

high
8.6
First published (updated )
CVE-2022-39250

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Mozilla ThunderbirdMatrix Javascript SDK vulnerable to Olm/Megolm protocol confusion

high
8.6
First published (updated )
CVE-2022-39251

Matrix Matrix Irc BridgeParsing issue in matrix-org/node-irc leading to room takeovers

high
8.8
First published (updated )
CVE-2022-39203

Matrix DendriteSignature checks not applied to some retrieved missing events

high
7.3
First published (updated )
CVE-2022-39200

Matrix SynapseSynapse vulnerable to denial of service (DoS) due to incorrect application of event authorization rules

high
7.5
First published (updated )
CVE-2022-31152

Mozilla ThunderbirdPrototype pollution in matrix-js-sdk

high
8.2
First published (updated )
CVE-2022-36059

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Matrix DendriteIncorrect parsing of access level in gomatrixserverlib and dendrite

high
8.8
First published (updated )
CVE-2022-36009

Matrix Matrix Irc BridgeImproper handling of multiline messages in matrix-appservice-irc

high
8.8
First published (updated )
CVE-2022-29166

Fedoraproject FedoraPath traversal in Matrix Synapse

high
7.5
First published (updated )
CVE-2021-41281

Matrix SydentSSRF in Sydent due to missing validation of hostnames

high
7.7
First published (updated )
CVE-2021-29431

Matrix SydentDenial of service attack via memory exhaustion

high
7.5
First published (updated )
CVE-2021-29430

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Matrix SynapseCross-site scripting (XSS) vulnerability in the password reset endpoint

high
8.2
First published (updated )
CVE-2021-21332

Fedoraproject FedoraInput Validation

high
7.5
First published (updated )
CVE-2020-26890

Matrix SydentWeak RNG

high
7.5
First published (updated )
CVE-2019-11842

Fedoraproject FedoraMatrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, us…

high
7.5
First published (updated )
CVE-2019-5885

pip/matrix-synapseMatrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified…

high
8.8
First published (updated )
CVE-2018-16515

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Matrix SynapseIn Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels e…

high
7.5
First published (updated )
CVE-2018-12423

Matrix SynapseThe on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a s…

high
7.5
First published (updated )
CVE-2018-12291

Matrix SynapseInput Validation

high
7.5
First published (updated )
CVE-2018-10657

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203