Vulnerabilities > Matrix
DATE | CVE | VULNERABILITY TITLE: DESCRIPTION | RISK |
---|---|---|---|
2021-09-13 | CVE-2021-40823 | Authentication Bypass by Spoofing vulnerability in Matrix Javascript SDK: A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. | 5.9 |
2021-09-13 | CVE-2021-40824 | Authentication Bypass by Spoofing vulnerability in Matrix Element and Matrix-Android-Sdk2: A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. | 5.9 |
2021-08-31 | CVE-2021-39164 | Information Exposure vulnerability in multiple products: Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. | 3.1 |
2021-08-31 | CVE-2021-39163 | Information Exposure vulnerability in multiple products: Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. | 3.1 |
2021-06-16 | CVE-2021-32659 | Missing Authentication for Critical Function vulnerability in Matrix Matrix-Appservice-Bridge: Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. | 4.9 |
2021-06-16 | CVE-2021-34813 | Out-of-bounds Write vulnerability in Matrix OLM: Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. | 9.8 |
2021-05-11 | CVE-2021-29471 | Insufficient Entropy vulnerability in multiple products: Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). | 5.3 |
2021-04-15 | CVE-2021-29432 | Unspecified vulnerability in Matrix Sydent: Sydent is a reference Matrix identity server. | 5.7 |
2021-04-15 | CVE-2021-29431 | Server-Side Request Forgery (SSRF) vulnerability in Matrix Sydent: Sydent is a reference Matrix identity server. | 6.5 |
2021-04-15 | CVE-2021-29430 | Allocation of Resources Without Limits or Throttling vulnerability in Matrix Sydent: Sydent is a reference Matrix identity server. | 7.5 |