CVE-2020-0439

In generatePackageInfo of PackageManagerService.java, there is a possible permissions bypass due to an incorrect permission check. This could lead to local escalation of privilege that allows instant apps access to permissions not allowed for instant apps, with no additional execution privileges...

CVE-2020-24635

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aru...

CVE-2019-5319

A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Insta...

CVE-2018-16417

Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection...

CVE-2019-5317

A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba...

CVE-2002-1813

Directory traversal vulnerability in AOL Instant Messenger AIM 4.8.2790 allows remote attackers to execute arbitrary programs by specifying the program in the href attribute of a link...

CVE-2002-2169

Cross-site scripting vulnerability AOL Instant Messenger AIM 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META HTTP-EQUIV="refresh" tag to an aim: URL...

CVE-2002-1953

Heap-based buffer overflow in the goim handler of AOL Instant Messenger AIM 4.4 through 4.8.2616 allows remote attackers to cause a denial of service crash via escaping of the screen name parameter, which triggers the overflow when the user selects "Get Info" on the buddy...

CVE-2005-1655

AOL Instant Messenger 5.5.x and earlier allows remote attackers to cause a denial of service client crash via an invalid smiley icon location in the sml parameter of a font tag...

CVE-2009-2435

The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...

The vulnerability of Adobe Connect’s instant messaging program lies in the insufficient protection of the website structure, which allows attackers to perform cross-site scripting attacks.

The vulnerability of the Adobe Connect instant messaging program is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

The vulnerability of Adobe Connect’s instant messaging program lies in the insufficient protection of the website structure, which allows attackers to perform cross-site scripting attacks.

The vulnerability of the Adobe Connect instant messaging program is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

[SECURITY] Fedora 42 Update: matrix-synapse-1.127.1-1.fc42

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

USN-7430-1 dino-im vulnerability

Kim Alvefur discovered that Dino did not correctly sanitize certain messages. A remote attacker could possibly use this issue to leak sensitive information...

CVE-2025-27078

A vulnerability in a system binary of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to inject commands into the underlying operating system while using the CLI. Successful exploitation could lead to complete system compromise...

PT-2025-15461 · Aruba · Aos-8 Instant +1

Name of the Vulnerable Software and Affected Versions: AOS-8 Instant versions prior to the fixed version AOS-10 AP versions prior to the fixed version Description: A vulnerability in the file creation process on the command line interface could allow an authenticated remote attacker to perform...

PT-2025-15460 · Aruba · Aos-8 Instant +1

Name of the Vulnerable Software and Affected Versions: AOS-8 Instant affected versions not specified AOS-10 AP versions up to 8.10.0.15 AOS-10 AP versions up to 8.12.0.3 AOS-10 AP versions up to 10.4.1.5 AOS-10 AP versions up to 10.7.0.1 Description: A vulnerability in a system binary could allow...

[SECURITY] Fedora 41 Update: matrix-synapse-1.118.0-4.fc41

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

[SECURITY] Fedora 40 Update: matrix-synapse-1.111.1-4.fc40

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

Malicious code in @instant-messengers/vk-teams-bridge (npm)

--- -= Per source details. Do not edit below this line.=-...