

🕵️ CVE-2022-39246


News section: 🕵️ Vulnerabilities
🔗 Source: web.nvd.nist.gov

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible because the key forwarding strategy implemented in the matrix-android-sdk2 is too permissive. Starting with version 1.5.1, the default policy for accepting key forwards has been made more strict in the matrix-android-sdk2. The matrix-android-sdk2 will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). As a workaround, current users of the SDK can disable key forwarding in their forks using `CryptoService#enableKeyGossiping(enable: Boolean)`. ...

🕵️ Bugtraq: Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831


📈 3.22 points
🕵️ Vulnerabilities

🕵️ Bugtraq: CVE-2016-9277,CVE-2016-9966,CVE-2016-9967: Possible Privilege Escalation in telecom


📈 2.41 points
🕵️ Vulnerabilities

📰 Multiple Security Updates Affecting TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086


📈 2.41 points
📰 IT Security News

📰 Microsoft patches three exploited zero-days (CVE-2023-21715, CVE-2023-23376, CVE-2023-21823)


📈 2.41 points
📰 IT Security News

⚠️ [papers] - Roaming Through the OpenSSH Client: CVE-2016-0777 and CVE-2016-0778


📈 1.61 points
⚠️ PoC

🕵️ Bugtraq: CVE-2015-0061 and CVE-2015-0063 (MS16-009/MS16-011)


📈 1.61 points
🕵️ Vulnerabilities

🕵️ Bugtraq: Multiple Vulnerabilities in ASUS Routers [CVE-2017-5891 and CVE-2017-5892]


📈 1.61 points
🕵️ Vulnerabilities

⚠️ Is CVE-2017-0199 the new CVE-2012-0158?


📈 1.61 points
⚠️ Malware / Trojans / Viruses

🕵️ Bugtraq: Datto Windows Agent 1.0.5.0 Remote Command Execution [CVE-2017-16673][CVE-2017-16674]


📈 1.61 points
🕵️ Vulnerabilities
