41 matches found
Chatwork 安全漏洞
Chatwork is a business group chat application from Chatwork, Inc. A security vulnerability exists in Chatwork versions prior to 2.9.2, which stems from the use of potentially dangerous functions that, if a user clicks on a specially constructed link in the application, could download and execute...
JVN#78335885: Chatwork Desktop Application (Windows) uses a potentially dangerous function
Chatwork Desktop Application Windows provided by kubell Co., Ltd. contains an issue with use of potentially dangerous function CWE-676, which allows a user to access an external website via a link in the application. Impact If a user clicks a specially crafted link in the application, an arbitrar...
CVE-2023-32546
Code injection vulnerability exists in Chatwork Desktop Application Mac 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent...
CVE-2023-32546
Code injection vulnerability exists in Chatwork Desktop Application Mac 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent...
CVE-2023-32546
Code injection vulnerability exists in Chatwork Desktop Application Mac 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent...
Code injection
Code injection vulnerability exists in Chatwork Desktop Application Mac 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent...
Chatwork Desktop Application (Mac) vulnerable to code injection
Overview Chatwork Desktop Application Mac provided by Chatwork Co., Ltd. contains a code injection vulnerability CWE-94. Koh M. Nakagawa of FFRI Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...
CVE-2023-32546
Code injection vulnerability exists in Chatwork Desktop Application Mac 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent...
Chatwork 代码注入漏洞
Chatwork is a business group chat application from Chatwork, Inc. A security vulnerability exists in Chatwork Desktop Application version 2.6.43 and earlier, which stems from a code injection vulnerability that allows a non-administrative user to store and access audio and image data for the...
JVN#96828492: Chatwork Desktop Application (Mac) vulnerable to code injection
Chatwork Desktop Application Mac provided by Chatwork Co., Ltd. contains a code injection vulnerability CWE-94. Impact A non-administrative user of the Mac on which the product is installed may store and obtain audio and image data with no user-consent from the product. Solution Update the softwa...
CVE-2023-32546
CVE-2023-32546 concerns the Chatwork Desktop Application (Mac) up to version 2.6.43, where a code injection vulnerability (CWE-94) could allow a non-administrative user to store and access audio and image data from the product without user consent. The issue is localized (Mac) and exists in older...
CVE-2023-32546
Code injection vulnerability exists in Chatwork Desktop Application Mac 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent...
br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin (>=0.3.5 <=0.3.15), com.barchart.jenkins:maven-release-cascade (>=1.0.0 <=1.3.2) +109 more potentially affected by CVE-2019-10337 via org.jenkins-ci.plugins:token-macro (>=1.0 <=2.7)
org.jenkins-ci.plugins:token-macro MAVEN version =1.0, =0.3.5, =1.0.0, =1.14.1, =4.1.1, =1.7.2, =1.1.2, =0.18, =0.1, =2.5.8, =3.0, =1.0-alpha-1, =1.2.0-beta-1 and more Source cves: CVE-2019-10337 Source advisory: OSV:GHSA-G6H2-4X64-C59X...
br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin (>=0.3.5 <=0.3.15), com.barchart.jenkins:maven-release-cascade (>=1.0.0 <=1.3.2) +109 more potentially affected by CVE-2019-1003011 via org.jenkins-ci.plugins:token-macro (>=1.0 <=2.5)
org.jenkins-ci.plugins:token-macro MAVEN version =1.0, =0.3.5, =1.0.0, =1.14.1, =4.1.1, =1.7.2, =1.1.2, =0.18, =0.1, =2.5.8, =3.0, =1.0-alpha-1, =1.2.0-beta-1 and more Source cves: CVE-2019-1003011 Source advisory: OSV:GHSA-23H9-M55M-C5JP...
CVE-2018-0648
Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2018-0648
Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
Design/Logic Flaw
Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2018-0648
CVE-2018-0648 affects the ChatWork Desktop App for Windows 2.3.0 and earlier: the installer is vulnerable to insecure DLL search path (CWE-427), allowing arbitrary code execution with the installer's user privileges. Root cause is DLL search path handling in the Windows installer. Mitigation: use...
CVE-2018-0648
Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
Installer of ChatWork Desktop App for Windows may insecurely load Dynamic Link Libraries
Overview Installer of ChatWork Desktop App for Windows provided by ChatWork Co,. LTD. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Hamasaki Hiroki of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC...