Vulnerabilities > Matrix

DATE CVE VULNERABILITY TITLE RISK
2021-09-13 CVE-2021-40824 Authentication Bypass by Spoofing vulnerability in Matrix Element and Matrix-Android-Sdk2
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room.
network
high complexity
matrix CWE-290
5.9
2021-08-31 CVE-2021-39164 Matrix is an ecosystem for open federated Instant Messaging and Voice over IP.
network
high complexity
matrix fedoraproject
3.1
2021-08-31 CVE-2021-39163 Matrix is an ecosystem for open federated Instant Messaging and Voice over IP.
network
high complexity
matrix fedoraproject
3.1
2021-06-16 CVE-2021-32659 Unspecified vulnerability in Matrix Matrix-Appservice-Bridge
Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services.
network
low complexity
matrix
4.9
2021-06-16 CVE-2021-34813 Out-of-bounds Write vulnerability in Matrix OLM
Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow.
network
low complexity
matrix CWE-787
critical
9.8
2021-05-11 CVE-2021-29471 Insufficient Entropy vulnerability in multiple products
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse).
network
low complexity
matrix fedoraproject CWE-331
5.3
2021-04-15 CVE-2021-29432 Unspecified vulnerability in Matrix Sydent
Sydent is a reference matrix identity server.
network
low complexity
matrix
5.7
2021-04-15 CVE-2021-29431 Unspecified vulnerability in Matrix Sydent
Sydent is a reference Matrix identity server.
network
low complexity
matrix
6.5
2021-04-15 CVE-2021-29430 Allocation of Resources Without Limits or Throttling vulnerability in Matrix Sydent
Sydent is a reference Matrix identity server.
network
low complexity
matrix CWE-770
7.5
2021-04-15 CVE-2021-29433 Unspecified vulnerability in Matrix Sydent
Sydent is a reference Matrix identity server.
network
low complexity
matrix
4.3