176 matches found
USN-5512-1 thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass CSP restrictions, or execute...
GHSA-XMG8-99R8-JC2J Login screen allows message spoofing if SSO is enabled
Impact A vulnerability was found in Argo CD that allows an attacker to spoof error messages on the login screen when SSO is enabled. In order to exploit this vulnerability, an attacker would have to trick the victim to visit a specially crafted URL which contains the message to be displayed. As f...
CVE-2022-24905 Argo CD login screen allows message spoofing if SSO is enabled
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was found in Argo CD prior to versions 2.3.4, 2.2.9, and 2.1.15 that allows an attacker to spoof error messages on the login screen when single sign on SSO is enabled. In order to exploit this vulnerability,...
CVE-2022-24905
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was found in Argo CD prior to versions 2.3.4, 2.2.9, and 2.1.15 that allows an attacker to spoof error messages on the login screen when single sign on SSO is enabled. In order to exploit this vulnerability,...
ArgoCD 输入验证错误漏洞
ArgoCD is a software application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g., configuration in a Git repository, automatically synchronizing and deploying...
UBUNTU-CVE-2022-21691
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions chat participants can spoof their channel leave message, tricking others into assuming they left the chatroom...
CVE-2021-37624
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message...
Authentication flaw
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message...
CVE-2021-37624
CVE-2021-37624 affects FreeSWITCH up to version 1.10.6, where SIP MESSAGE requests are not authenticated by default, allowing spam and message spoofing. The issue is mitigated by upgrading to 1.10.7, which patches the flaw; maintainers also recommend making MESSAGE authentication the default and ...
CVE-2018-4390
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofi...
Updated thunderbird packages fix security vulnerability
Updated thunderbird packages fix security vulnerability: Spoofing a message author via a crafted S/MIME message CVE-2019-11755 It also fixes various other bugs, as listed in the releasenotes...
Hackers Can Manipulate Media Files You Receive Via WhatsApp and Telegram
If you think that the media files you receive on your end-to-end encrypted secure messaging apps can not be tampered with, you need to think again. Security researchers at Symantec yesterday demonstrated multiple interesting attack scenarios against WhatsApp and Telegram Android apps, which could...
SUSE-SU-2019:1576-1 Security update for enigmail
This update for enigmail to version 2.0.11 fixes the following issues: Security issue fixed: - CVE-2019-12269: Fixed an issue where a specially crafted inline PGP messages could spoof a 'correctly signed' message bsc1135855...
Cleartext Message Spoofing
github.com/golang/crypto is vulnerable to cleartext message spoofing. A remote attacker is able to spoof parts of the message via malicious messages containing control or unicode characters, to trick a user into performing an undesired action...
Go Cryptography Libraries Cleartext Message Spoofing
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Cleartext message spoofing product: Supplementary Go Cryptography Libraries vulnerable version: commit a5d413f7728c81fb97d96a2b722368945f651e78 branch master...
Security Bulletin: IBM DataPower Gateway is affected by a message spoofing vulnerability (CVE-2019-6110)
Summary IBM DataPower Gateway has addressed the following vulnerability. CVE-2019-6110 Vulnerability Details CVEID: CVE-2019-6110 DESCRIPTION: OpenSSH could allow a remote attacker to conduct spoofing attacks, caused by accepting and displaying arbitrary stderr output from the scp server. A...
Zoom Client Message Spoofing Vulnerability
Zoom Client is a video conferencing endpoint from Zoom USA that supports multiple platforms. A message spoofing vulnerability exists in Zoom Client. An attacker can construct malicious UDP packets to remotely control users using the desktop version of Zoom including MacOS, Linux, and Windows on t...
Zoom Client for Meetings 4.x < 4.1.34814.1119 Message Spoofing Vulnerability
The version of Zoom Client for Meetings installed on the remote Windows host is 4.x prior to 4.1.34814.1119. It is, therefore, affected by a message spoofing vulnerability. An attacker could leverage this vulnerability to perform restricted meeting operations. C Tenable Network Security, Inc...
Zoom Client for Meetings 4.x < 4.1.34801.1116 Message Spoofing Vulnerability (macOS)
The version of Zoom Client for Meetings installed on the remote macOS or Mac OS X host is 4.x prior to 4.1.34801.1116. It is, therefore, affected by a message spoofing vulnerability. An attacker could leverage this vulnerability to perform restricted meeting operations. C Tenable Network Security...
RHEL 6 / 7 : Red Hat JBoss Enterprise Application Platform 7.0 (RHSA-2016:1332)
The remote Redhat Enterprise Linux 6 / 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2016:1332 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly. This asynchronous patch is a security updat...