265 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-27742
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the...
Linux Distros Unpatched Vulnerability : CVE-2020-27739
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE...
Linux Distros Unpatched Vulnerability : CVE-2021-37845
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTL...
Linux Distros Unpatched Vulnerability : CVE-2020-27741
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting XSS vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages...
Linux Distros Unpatched Vulnerability : CVE-2020-29547
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS...
Malicious code in pinnacle_7dxeo_eg5my_citadel (npm)
The package pinnacle7dxeoeg5mycitadel was found to contain malicious code...
CVE-2023-44272
A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user...
CVE-2021-37845
An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595. This potentially allows an attacker...
CVE-2021-0456
In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...
CVE-2020-29547
An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure...
CVE-2020-27741
Multiple cross-site scripting XSS vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...
CVE-2020-27740
Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...
CVE-2020-27742
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msgconfirmmove template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" threa...
CVE-2020-27739
A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...
certificate_authority (=0.1.0), citadel_crypt (>=0.4.0 <=0.7.0) +13 more potentially affected by unknown CVE via pqc_kyber (>=0.4.0 <=0.7.1)
pqckyber CARGO version =0.4.0, =0.4.0, =0.3.0, =0.1.0-alpha, =1.3.0, =0.1.0, =11.0.0, =0.1.0, =9.0.0, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.1.19, =0.1.24 - sare-core =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-X5J2-G63M-F8G4...
certificate_authority (=0.1.0), citadel_crypt (>=0.4.0 <=0.7.0) +13 more potentially affected by unknown CVE via pqc_kyber (>=0.4.0 <=0.7.1)
pqckyber CARGO version =0.4.0, =0.4.0, =0.3.0, =0.1.0-alpha, =1.3.0, =0.1.0, =11.0.0, =0.1.0, =9.0.0, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.1.19, =0.1.24 - sare-core =0.1.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0079...
CVE-2023-44272
A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user...
CVE-2023-44272
A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user...
CVE-2023-44272
A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user...
UBUNTU-CVE-2023-44272
A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user...