528 matches found
Fedora: Security Advisory for matrix-synapse (FEDORA-2022-45bf6d4b88)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: matrix-synapse-1.61.1-1.fc35
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...
CVE-2022-26491
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attack...
Microsoft Skype for Business and Lync Spoofing Vulnerability
Microsoft Skype for Business Server is a secure, unified communications platform from Microsoft that provides instant messaging IM, audio and video calling, online conferencing, online status messaging, and sharing capabilities. A spoofing vulnerability exists in Microsoft Skype for Business and...
Jenkins instant-messaging Plugin信息泄露漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from unencrypted group chat passwords stored in the...
org.jenkins-ci.plugins:mypeople (>=0.3 <=0.3.0.3), org.jenkins-ci.plugins:skype-notifier (>=1.0 <=1.1.0) +2 more potentially affected by CVE-2022-28135 via org.jvnet.hudson.plugins:instant-messaging (>=1.0 <=1.4)
org.jvnet.hudson.plugins:instant-messaging MAVEN version =1.0, =0.3, =1.0, =2.0, =1.0, =unspecified Source cves: CVE-2022-28135 Source advisory: OSV:GHSA-HPM9-FX8V-W45V...
Plaintext storage in Jenkins instant-messaging Plugin
Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
GHSA-HPM9-FX8V-W45V Plaintext storage in Jenkins instant-messaging Plugin
Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
CVE-2022-28135
Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
CVE-2022-28135
Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
CVE-2022-28135
Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
Design/Logic Flaw
Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
CVE-2022-28135
CVE-2022-28135 affects Jenkins’ instant-messaging Plugin (versions 1.41 and earlier). The vulnerability stems from passwords for group chats being stored unencrypted in the plugin’s global configuration file on the Jenkins controller, exposing them to anyone with access to the controller filesyst...
CVE-2022-28135
Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
Jenkins instant-messaging Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from unencrypted group chat passwords stored in the...
PT-2022-18833 · Jenkins · Jenkins Instant-Messaging Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins instant-messaging Plugin versions 1.41 and earlier Description: The issue allows passwords for group chats to be stored unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins...
The vulnerability of the Adobe Connect instant messaging program, related to the lack of protective measures for the website structure, allows a hacker to execute arbitrary code.
The vulnerability of the Adobe Connect instant messaging program relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of Adobe Connect’s instant messaging program, related to violations of secure design principles, allows attackers to bypass security measures.
The vulnerability of the Adobe Connect instant messaging program relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of Adobe Connect’s instant messaging program, related to deficiencies in access control, allows attackers to escalate their privileges.
The vulnerability of the Adobe Connect instant messaging program is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
What is XMPP ❓ — Extensible Messaging & Presence Protocol
What is XMPP ❓ — Extensible Messaging & Presence Protocol Introduction In the early 2000s, when the idea of chat applications was shaping, XMPP was allowing developers to construct interactive chat applications. Since its genesis, this protocol has come a long way and is now included in the tech...