Lucene search

Zulip Desktop Security Vulnerabilities

cve

CVE-2020-10857

Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.

9.8CVSS

9.8AI Score

0.006EPSS

2021-02-05 08:15 PM

cve

CVE-2020-10858

Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler.

5.3CVSS

5.2AI Score

0.001EPSS

2021-02-05 08:15 PM

cve

CVE-2020-12637

Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option.

9.8CVSS

9.4AI Score

0.002EPSS

2020-05-09 05:15 PM

cve

CVE-2020-24582

Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.

6.1CVSS

5.9AI Score

0.001EPSS

2020-09-10 05:15 PM

cve

CVE-2020-9443

Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82.

6.1CVSS

6AI Score

0.001EPSS

2020-03-18 01:15 PM