Lucene search
K

528 matches found

Cvelist
Cvelist
added 2021/08/31 4:0 p.m.35 views

CVE-2021-39163 Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where the vulnerable...

3.1CVSS3.7AI score0.00892EPSS
Exploits0References5
CVE
CVE
added 2021/08/31 4:0 p.m.143 views

CVE-2021-39163

CVE-2021-39163 affects Matrix Synapse (Matrix.org) up to version 1.41.0, where unauthorised users could learn a room’s name, avatar, topic, and member count by knowing the room ID. Impact is limited to homeservers that have enable_group_creation set to true; administrators can already access this...

3.5CVSS3.7AI score0.00892EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2021/08/03 12:0 a.m.64 views

Telegram Cross-Site Scripting Vulnerability

Telegram is an instant messaging mobile application. version 0.6.1 of Telegram Web K Alpha is vulnerable to a cross-site scripting vulnerability that stems from the fact that Telegram Web K Alpha allows XSS to pass through document names. An attacker could exploit the vulnerability to execute...

6.1CVSS4.8AI score0.00619EPSS
Exploits0References1
Fedora
Fedora
added 2021/08/02 1:5 a.m.108 views

[SECURITY] Fedora 34 Update: matrix-synapse-1.38.1-1.fc34

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

8.2CVSS5.9AI score0.02164EPSS
Exploits0
OpenVAS
OpenVAS
added 2021/08/02 12:0 a.m.17 views

Fedora: Security Advisory for matrix-synapse (FEDORA-2021-a627cfd31e)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.2CVSS7.1AI score0.02164EPSS
Exploits0References2
CNVD
CNVD
added 2021/07/14 12:0 a.m.14 views

Weak Password Vulnerability in IMWorks Instant Messaging Software

IMworks enterprise instant messaging software official version is an instant messaging tool launched by the enterprise information, can assist users to build a LAN intranet. IMWorks instant messaging software has a weak password vulnerability that can be exploited by attackers to obtain sensitive...

7AI score
Exploits0
CNVD
CNVD
added 2021/07/14 12:0 a.m.11 views

Denial of Service Vulnerability in WiseFaFa Chat Tool

WiseFaFaFa Chat Tool is a free instant messaging software. It has features such as instant messaging, automatic creation of business groups and business organization structure. A denial-of-service vulnerability exists in Huicong Fafa Chat Tool, which can be exploited by attackers to cause a...

7AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2021/05/20 5:0 p.m.67 views

Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment

Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads. Today, the Phorphiex...

0.5AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/05/20 5:0 p.m.59 views

Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment

Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads. Today, the Phorphiex...

0.5AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/05/19 12:0 a.m.9 views

The vulnerability of Adobe Connect’s instant messaging program, related to the lack of protective measures for the website structure, allows a hacker to execute arbitrary JavaScript code in the user’s browser.

The vulnerability of the Adobe Connect instant messaging program relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

6.1CVSS6.9AI score0.01125EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/19 12:0 a.m.7 views

The vulnerability of Adobe Connect’s instant messaging program, related to the lack of protective measures for the website structure, allows a hacker to execute arbitrary JavaScript code in the user’s browser.

The vulnerability of Adobe Connect’s instant messaging service is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

6.1CVSS6.6AI score0.01188EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/19 12:0 a.m.6 views

The vulnerability of the Adobe Connect instant messaging program, related to insufficient validation of input data, allows a hacker to execute arbitrary code.

The vulnerability of the Adobe Connect instant messaging program is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code within the administrator account’s context...

8.8CVSS7.1AI score0.03738EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2021/05/11 3:15 p.m.34 views

CVE-2021-29471

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including eventmatch, which matches event...

5.3CVSS6.8AI score0.01647EPSS
Exploits0References4
Cvelist
Cvelist
added 2021/05/11 3:5 p.m.38 views

CVE-2021-29471 Denial of service in Matrix Synapse

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including eventmatch, which matches event...

3.7CVSS5.8AI score0.01647EPSS
Exploits0References4
OSV
OSV
added 2021/05/06 1:15 p.m.3 views

CVE-2021-1363

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted...

8.1CVSS5.9AI score0.01081EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/05/06 12:0 a.m.6 views

Trend Micro IM Security 授权问题漏洞

Trend Micro IM Security is an instant messaging security solution from Trend Micro. The product supports malware scanning, content filtering, URL filtering, file blocking and data loss prevention. An authorization issue vulnerability exists in Instant Messaging Security versions prior to 1.6 CP3...

8.1CVSS7.8AI score0.03901EPSS
Exploits0References4
OSV
OSV
added 2021/04/12 10:15 p.m.19 views

PYSEC-2021-25

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...

6.3CVSS1.7AI score0.00894EPSS
Exploits0References3
Prion
Prion
added 2021/04/12 10:15 p.m.24 views

Design/Logic Flaw

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...

4.9CVSS6.5AI score0.00894EPSS
Exploits0References4Affected Software2
Debian CVE
Debian CVE
added 2021/04/12 9:50 p.m.21 views

CVE-2021-21392

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...

6.3CVSS6.2AI score0.00894EPSS
Exploits0
CVE
CVE
added 2021/04/12 9:50 p.m.110 views

CVE-2021-21392

Synapse (matrix-synapse) prior to version 1.28.0 is affected by a vulnerability where requests to user-provided domains could escape external IP restrictions on dual-stack networks due to transitional IPv6 addresses. This may allow outbound requests to internal infrastructure during federation, i...

6.3CVSS6.5AI score0.00894EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder