Lucene search
+L

528 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/10/04 12:0 a.m.37 views

JVN#08237727: Citadel WebCit vulnerable to cross-site scripting on Instant Messaging facility

Citadel WebCit provided by Citadel contains a cross-site scripting vulnerability CWE-79. Impact When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user. Solution Update the software Update the software to the lates...

5.4CVSS5AI score0.00444EPSS
Exploits0
CNNVD
CNNVD
added 2023/09/20 12:0 a.m.6 views

Line Earthgarden_waiting Security Vulnerability

Line is the instant messaging platform of Line Inc. A security vulnerability exists in Line Earthgardenwaiting. No information about this vulnerability is available at this time, please stay tuned to CNNVD or vendor announcements...

6.5CVSS6.6AI score0.00384EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2023/09/19 12:0 a.m.17 views

Fedora: Security Advisory for matrix-synapse (FEDORA-2023-c0696d7b53)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.6AI score0.00981EPSS
Exploits1References2
Fedora
Fedora
added 2023/09/18 1:37 a.m.32 views

[SECURITY] Fedora 37 Update: matrix-synapse-1.80.0-5.fc37

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

6.5CVSS5.4AI score0.00981EPSS
Exploits1
The Hacker News
The Hacker News
added 2023/09/01 7:22 a.m.38 views

Classiscam Scam-as-a-Service Raked $64.5 Million During the COVID-19 Pandemic

The Classiscam scam-as-a-service program has reaped the criminal actors $64.5 million in illicit earnings since its emergence in 2019. "Classiscam campaigns initially started out on classified sites, on which scammers placed fake advertisements and used social engineering techniques to convince...

6.6AI score
Exploits0
NCSC
NCSC
added 2023/07/19 12:0 a.m.45 views

Vulnerabilities fixed in Oracle Communications Applications

Vulnerabilities have been fixed in Oracle Communications Applications products. A malicious party could exploit them to carry out attacks that can result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Remote code...

9.8CVSS7.9AI score0.99615EPSS
Exploits37
Wired Threat Level
Wired Threat Level
added 2023/06/25 11:0 a.m.18 views

5 Ways to Make Your Instant Messaging More Secure

Make sure your chats are kept as private as you want them to be...

7AI score
Exploits0
Fedora
Fedora
added 2023/06/17 1:24 a.m.30 views

[SECURITY] Fedora 38 Update: matrix-synapse-1.85.2-1.fc38

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

5.4CVSS4.6AI score0.00752EPSS
Exploits0
OpenVAS
OpenVAS
added 2023/06/12 12:0 a.m.22 views

Fedora: Security Advisory for matrix-synapse (FEDORA-2023-eb65439ec0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS7.1AI score0.00635EPSS
Exploits0References2
Fedora
Fedora
added 2023/06/11 1:59 a.m.31 views

[SECURITY] Fedora 37 Update: matrix-synapse-1.63.1-3.fc37

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

5CVSS5.2AI score0.00635EPSS
Exploits0
OpenVAS
OpenVAS
added 2023/06/05 12:0 a.m.13 views

Debian: Security Advisory (DLA-3441-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.01056EPSS
Exploits0References3
Debian
Debian
added 2023/06/02 4:10 p.m.43 views

[SECURITY] [DLA 3441-1] sofia-sip security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3441-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb June 02, 2023 https://wiki.debian.org/LTS -...

7.5CVSS7.8AI score0.01056EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/02/27 12:0 a.m.12 views

The vulnerability of Adobe Connect’s instant messaging program, related to deficiencies in access control, allows attackers to circumvent existing security restrictions.

The vulnerability of Adobe Connect’s instant messaging program is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...

5.3CVSS5.8AI score0.81875EPSS
Exploits4References2Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:47 a.m.6 views

SUSE CVE-2012-2214

proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service application crash via a sequence of XMPP file-transfer requests...

3.5CVSS6.6AI score0.02195EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:5 a.m.2 views

SUSE CVE-2016-2380

An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a...

4.3CVSS6.6AI score0.01764EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:49 a.m.5 views

SUSE CVE-2017-5589

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for yaxim and Bruno 0.8.6 -...

5.9CVSS6.8AI score0.00679EPSS
Exploits2References5
NCSC
NCSC
added 2022/10/19 12:0 a.m.46 views

Vulnerabilities fixed in Oracle Communications Applications

Vulnerabilities have been fixed in Oracle Communications Applications. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data Access to...

10CVSS7.8AI score0.97906EPSS
Exploits36
Positive Technologies
Positive Technologies
added 2022/10/05 12:0 a.m.5 views

PT-2022-5100 · Cisco · Cisco Jabber

Name of the Vulnerable Software and Affected Versions: Cisco Jabber affected versions not specified Description: A vulnerability in the Extensible Messaging and Presence Protocol XMPP message processing feature could allow an authenticated, remote attacker to manipulate the content of XMPP...

5CVSS4.3AI score0.00887EPSS
Exploits0References6
NCSC
NCSC
added 2022/07/20 12:0 a.m.53 views

Vulnerabilities fixed in Oracle Communications Applications

Oracle has fixed vulnerabilities in the following products: Communications ASAP Communications Billing and Revenue Management Communications BRM - Elastic Charging Engine Communications Design Studio Communications Instant Messaging Server Communications Offline Mediation Controller Communication...

9.8CVSS9.4AI score0.99677EPSS
Exploits115
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.13 views

The vulnerability of the Disaster Recovery function in Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and the integrated Cisco Unity Connection messaging system allows a intruder to execute arbitrary commands with administrator privileges.

The vulnerability of the Disaster Recovery function in Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and the integrated Cisco Unity Connection messaging system is related to access control deficiencies. Exploiting this vulnerability could allow ...

6.8CVSS7.9AI score0.01166EPSS
Exploits0References2Affected Software3
Rows per page
Query Builder