Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
matrix element vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2021-40824
A logic error in the room key sharing functionality of Element Android prior to 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) prior to 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol m...
Matrix Element
Matrix Matrix-android-sdk2
9.8
CVSSv3
CVE-2021-44538
The olm_session_describe function in Matrix libolm prior to 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can co...
Matrix Element
Matrix Javascript Sdk
Matrix Olm
Schildi Schildichat
Cinny Project Cinny
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.5
CVSSv3
CVE-2022-41904
Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly (with warning shields). Therefore a malicious homeserver could injec...
Element Element
5.9
CVSSv3
CVE-2021-40823
A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) prior to 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by aff...
Matrix Javascript Sdk
8.8
CVSSv3
CVE-2022-23597
Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop prior to 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another b...
Element Desktop
1 Github repository
NA
CVE-2024-26131
Element Android is an Android Matrix Client. Element Android version 1.4.3 up to and including 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making...
NA
CVE-2024-26132
Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 up to and including 1.6.12, to share files stored under the `files` directory in the application's private data directory to...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4541
CVE-2024-3080
CVE-2024-4787
log injection
CVE-2024-5967
inject
CVE-2024-30078
CVE-2024-5899
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started