Lucene search
K

528 matches found

OpenVAS
OpenVAS
added 2022/07/09 12:0 a.m.14 views

Fedora: Security Advisory for matrix-synapse (FEDORA-2022-45bf6d4b88)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5CVSS6.5AI score0.01578EPSS
Exploits0References2
Fedora
Fedora
added 2022/07/08 1:37 a.m.32 views

[SECURITY] Fedora 35 Update: matrix-synapse-1.61.1-1.fc35

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

6.5CVSS6.4AI score0.01578EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/06/02 2:15 p.m.5 views

CVE-2022-26491

An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attack...

5.9CVSS6.6AI score0.02419EPSS
Exploits0References7
CNVD
CNVD
added 2022/04/15 12:0 a.m.23 views

Microsoft Skype for Business and Lync Spoofing Vulnerability

Microsoft Skype for Business Server is a secure, unified communications platform from Microsoft that provides instant messaging IM, audio and video calling, online conferencing, online status messaging, and sharing capabilities. A spoofing vulnerability exists in Microsoft Skype for Business and...

5.3CVSS5.3AI score0.02251EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/31 12:0 a.m.33 views

Jenkins instant-messaging Plugin信息泄露漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from unencrypted group chat passwords stored in the...

6.5CVSS1.2AI score0.00887EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/03/30 12:0 a.m.5 views

org.jenkins-ci.plugins:mypeople (>=0.3 <=0.3.0.3), org.jenkins-ci.plugins:skype-notifier (>=1.0 <=1.1.0) +2 more potentially affected by CVE-2022-28135 via org.jvnet.hudson.plugins:instant-messaging (>=1.0 <=1.4)

org.jvnet.hudson.plugins:instant-messaging MAVEN version =1.0, =0.3, =1.0, =2.0, =1.0, =unspecified Source cves: CVE-2022-28135 Source advisory: OSV:GHSA-HPM9-FX8V-W45V...

6.5CVSS6.5AI score0.00887EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/03/30 12:0 a.m.19 views

Plaintext storage in Jenkins instant-messaging Plugin

Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

6.5CVSS2.4AI score0.00887EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/03/30 12:0 a.m.24 views

GHSA-HPM9-FX8V-W45V Plaintext storage in Jenkins instant-messaging Plugin

Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

6.5CVSS6.6AI score0.00887EPSS
Exploits0References4
NVD
NVD
added 2022/03/29 1:15 p.m.28 views

CVE-2022-28135

Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

6.5CVSS0.00887EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/03/29 1:15 p.m.3 views

CVE-2022-28135

Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

6.5CVSS5.9AI score0.00887EPSS
Exploits0References3
OSV
OSV
added 2022/03/29 1:15 p.m.19 views

CVE-2022-28135

Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

6.5CVSS6.7AI score
Exploits0References2
Prion
Prion
added 2022/03/29 1:15 p.m.18 views

Design/Logic Flaw

Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

4CVSS6.4AI score0.00887EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/03/29 12:30 p.m.127 views

CVE-2022-28135

CVE-2022-28135 affects Jenkins’ instant-messaging Plugin (versions 1.41 and earlier). The vulnerability stems from passwords for group chats being stored unencrypted in the plugin’s global configuration file on the Jenkins controller, exposing them to anyone with access to the controller filesyst...

6.5CVSS6.3AI score0.00887EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/03/29 12:30 p.m.24 views

CVE-2022-28135

Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

7AI score0.00887EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/03/29 12:0 a.m.4 views

Jenkins instant-messaging Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from unencrypted group chat passwords stored in the...

6.5CVSS5.6AI score0.00887EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/03/29 12:0 a.m.5 views

PT-2022-18833 · Jenkins · Jenkins Instant-Messaging Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins instant-messaging Plugin versions 1.41 and earlier Description: The issue allows passwords for group chats to be stored unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins...

6.5CVSS6.5AI score0.00887EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2022/03/23 12:0 a.m.8 views

The vulnerability of the Adobe Connect instant messaging program, related to the lack of protective measures for the website structure, allows a hacker to execute arbitrary code.

The vulnerability of the Adobe Connect instant messaging program relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

5.8CVSS7.3AI score0.0135EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/03/21 12:0 a.m.7 views

The vulnerability of Adobe Connect’s instant messaging program, related to violations of secure design principles, allows attackers to bypass security measures.

The vulnerability of the Adobe Connect instant messaging program relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

5.8CVSS7.1AI score0.01568EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/03/09 12:0 a.m.6 views

The vulnerability of Adobe Connect’s instant messaging program, related to deficiencies in access control, allows attackers to escalate their privileges.

The vulnerability of the Adobe Connect instant messaging program is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...

4.3CVSS6.2AI score0.01088EPSS
Exploits0References4Affected Software1
Ivan 'd0znpp' Novikov
Ivan 'd0znpp' Novikov
added 2022/01/25 1:46 p.m.28 views

What is XMPP ❓ — Extensible Messaging & Presence Protocol

What is XMPP ❓ — Extensible Messaging & Presence Protocol Introduction In the early 2000s, when the idea of chat applications was shaping, XMPP was allowing developers to construct interactive chat applications. Since its genesis, this protocol has come a long way and is now included in the tech...

6.9AI score
Exploits0
Rows per page
Query Builder