Lucene search
1121 matches found

Cvelist
added 2021/07/02 6:54 p.m. | 19 views

CVE-2021-35208

An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected...

AI score: 6.6 | EPSS: 0.00739
Exploits: 1 | References: 5
Hacker One
added 2021/06/07 11:5 a.m. | 51 views

HackerOne: Report Bulk endpoint "agree-on-going-public" action may reveal Report disclosure state for invite-only programs

Hello, Hope you are doing well, SUMMARY -In hackerone user doesn't have permission to do any action like "disclosing/undisclosing" in disclosed report. -Here user can send the "cancel-disclosure-request" request to the server and server accepts the request gave 200ok response with ""flash":"The...

AI score: 6.8
Exploits: 0
Veracode
added 2021/04/29 11:41 a.m. | 29 views

Denial Of Service (DoS)

asterisk, edge is vulnerable to denial of service. It allows an attacker to trigger a crash by sending a declined stream in a response re-invite initiated by Asterisk...

CVSS: 6.5 | AI score: 3.4 | EPSS: 0.02861
Exploits: 0 | References: 12 | Affected Software: 1
OSV
added 2021/04/10 7:15 p.m. | 2 views

CVE-2021-30481

Valve Steam before 2021-04-17, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click...

CVSS: 9 | AI score: 6.4 | EPSS: 0.06905
Exploits: 2 | References: 4
Prion
added 2021/04/10 7:15 p.m. | 20 views

Buffer overflow

Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click...

CVSS: 6 | AI score: 9.2 | EPSS: 0.06905
Exploits: 2 | References: 4 | Affected Software: 1
Cvelist
added 2021/04/10 6:31 p.m. | 13 views

CVE-2021-30481

Valve Steam before 2021-04-17, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click...

CVSS: 8 | AI score: 9.6 | EPSS: 0.06905
Exploits: 2 | References: 4
vulnersOsv
added 2021/03/26 8:15 p.m. | 1 views

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2021-21332 via matrix-synapse (>=0.33.9 <=1.153.0)

matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-21332 Source advisory: OSV:PYSEC-2021-133...

CVSS: 8.2 | AI score: 7.4 | EPSS: 0.00505
Exploits: 0
vulnersOsv
added 2021/03/26 7:53 p.m. | 1 views

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2021-21333 via matrix-synapse (>=0.33.9 <=1.153.0)

matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-21333 Source advisory: OSV:GHSA-C5F8-35QR-Q4FM...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00385
Exploits: 0
OSV
added 2021/03/10 11:15 p.m. | 1 views

ALPINE-CVE-2021-21375

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first on...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.01095
Exploits: 1 | References: 1
OSV
added 2021/03/10 11:15 p.m. | 1 views

DEBIAN-CVE-2021-21375

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first on...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.01095
Exploits: 1 | References: 1
Positive Technologies
added 2021/03/10 12:0 a.m. | 3 views

PT-2021-14457

Name of the Vulnerable Software and Affected Versions: PJSIP versions 2.10 and earlier. Description: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP, after an initial...

CVSS: 9.8 | AI score: 7 | EPSS: 0.01675
Exploits: 4 | References: 42
CNNVD
added 2021/03/06 12:0 a.m. | 2 views

IBM API Connect Security Vulnerability

IBM API Connect is a comprehensive end-to-end API lifecycle solution. An information disclosure vulnerability exists in IBM API Connect 10.0.1.1, 2018.4.1.0-2018.4.1.13. An attacker who intercepts a registration invitation link can use this vulnerability to impersonate a registered user or obtain...

CVSS: 6.5 | AI score: 5.6 | EPSS: 0.00136
Exploits: 0 | References: 5
vulnersOsv
added 2021/02/26 6:15 p.m. | 1 views

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +5 more potentially affected by CVE-2021-21274 via matrix-synapse (=1.153.0)

matrix-synapse PYPI version =1.153.0 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - matrix-server-isenguard =0.1.1, =0.1.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2021-21274 Source advisory:...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00446
Exploits: 0
Prion
added 2021/02/26 6:15 p.m. | 19 views

Cross site request forgery (csrf)

Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key...

CVSS: 5.8 | AI score: 6.3 | EPSS: 0.00322
Exploits: 0 | References: 5 | Affected Software: 2
Hacker One
added 2021/01/27 8:32 p.m. | 24 views

HackerOne: Ability to invite a new member on Sandbox Program

In the description HackerOne offers a sandbox for hackers to help them test program functionality for security vulnerabilities. To create a program, go here. You can select any product edition, giving you access to almost all features HackerOne offers. Hackers can create up to 30 programs in the...

AI score: 1.4
Exploits: 0
Hacker One
added 2021/01/04 1:48 p.m. | 12 views

Rocket.Chat: Registration bypass with leaked Invite Token

The Rocket.Chat API route 'validateInviteToken' was vulnerable to a registration bypass attack. The route allowed unauthenticated users to guess valid invite tokens by sending a crafted JSON payload with a regular expression. Once a valid token was obtained, the user could access private channels...

AI score: 7
Exploits: 0
CNVD
added 2020/12/11 12:0 a.m. | 2 views

Matrix Synapse License Issue Vulnerability

Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. Matrix Synapse suffers from a security vulnerability that stems from the fact that a malicious or poorly implemented host server can inject malformed events by specifying different room ids in the pa...

CVSS: 6.5 | AI score: 9.2 | EPSS: 0.0045
Exploits: 0 | References: 1
vulnersOsv
added 2020/11/24 10:58 p.m. | 2 views

matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2020-26890 via matrix-synapse (>=0.33.9 <=1.153.0)

matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2020-26890 Source advisory: OSV:GHSA-4MP3-385R-V63F...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00572
Exploits: 0
0day.today
added 2020/11/07 12:0 a.m. | 56 views

Asterisk 17.6.0 / 17.5.1 Denial Of Service Exploit

Asterisk versions 17.5.1 and 17.6.0 were found vulnerable to a denial of service condition where Asterisk segfaults when receiving an INVITE flood over TCP. Asterisk crash due to INVITE flood over TCP - Fixed versions: 13.37.1, 16.14.1, 17.8.1, 18.0.1 - Enable Security Advisory:...

AI score: 7.3
Exploits: 0
OSV
added 2020/11/06 7:15 p.m. | 1 views

ALPINE-CVE-2020-28327

A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.02188
Exploits: 1 | References: 1