Vulnerabilities > Matrix

DATE CVE VULNERABILITY TITLE RISK
2021-09-13 CVE-2021-40823 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Matrix Javascript SDK
A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room.
network
matrix CWE-327
4.3
2021-09-13 CVE-2021-40824 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Matrix Element and Matrix-Android-Sdk2
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room.
network
matrix CWE-327
4.3
2021-08-31 CVE-2021-39164 Information Exposure vulnerability in multiple products
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP.
3.5
2021-08-31 CVE-2021-39163 Information Exposure vulnerability in multiple products
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP.
3.5
2021-06-16 CVE-2021-32659 Missing Authentication for Critical Function vulnerability in Matrix Matrix-Appservice-Bridge
Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services.
network
matrix CWE-306
3.5
2021-06-16 CVE-2021-34813 Out-of-bounds Write vulnerability in Matrix OLM
Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow.
network
low complexity
matrix CWE-787
7.5
2021-05-11 CVE-2021-29471 Resource Exhaustion vulnerability in Matrix Synapse
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse).
network
low complexity
matrix CWE-400
5.0
2021-04-15 CVE-2021-29433 Resource Exhaustion vulnerability in Matrix Sydent
Sydent is a reference Matrix identity server.
network
low complexity
matrix CWE-400
4.0
2021-04-12 CVE-2021-21393 Improper Input Validation vulnerability in Matrix Synapse
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse).
network
matrix CWE-20
4.3
2021-04-12 CVE-2021-21392 Open Redirect vulnerability in Matrix Synapse
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse).
network
matrix CWE-601
4.9