Lucene search
+L

176 matches found

OSV
OSV
added 2022/07/14 9:28 a.m.6 views

USN-5512-1 thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass CSP restrictions, or execute...

9.8CVSS6.8AI score0.23941EPSS
Exploits1References18
OSV
OSV
added 2022/05/24 12:26 p.m.68 views

GHSA-XMG8-99R8-JC2J Login screen allows message spoofing if SSO is enabled

Impact A vulnerability was found in Argo CD that allows an attacker to spoof error messages on the login screen when SSO is enabled. In order to exploit this vulnerability, an attacker would have to trick the victim to visit a specially crafted URL which contains the message to be displayed. As f...

4.3CVSS4.6AI score0.01215EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2022/05/20 2:5 p.m.5 views

CVE-2022-24905 Argo CD login screen allows message spoofing if SSO is enabled

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was found in Argo CD prior to versions 2.3.4, 2.2.9, and 2.1.15 that allows an attacker to spoof error messages on the login screen when single sign on SSO is enabled. In order to exploit this vulnerability,...

4.3CVSS4.3AI score0.01215EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/05/18 11:1 p.m.69 views

CVE-2022-24905

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was found in Argo CD prior to versions 2.3.4, 2.2.9, and 2.1.15 that allows an attacker to spoof error messages on the login screen when single sign on SSO is enabled. In order to exploit this vulnerability,...

4.3CVSS1AI score0.01215EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/18 12:0 a.m.31 views

ArgoCD 输入验证错误漏洞

ArgoCD is a software application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g., configuration in a Git repository, automatically synchronizing and deploying...

4.3CVSS5.1AI score0.01215EPSS
Exploits0References10
OSV
OSV
added 2022/01/18 10:15 p.m.6 views

UBUNTU-CVE-2022-21691

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions chat participants can spoof their channel leave message, tricking others into assuming they left the chatroom...

4.3CVSS5.8AI score0.00673EPSS
Exploits0References4
OSV
OSV
added 2021/10/25 4:15 p.m.16 views

CVE-2021-37624

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message...

7.5CVSS1.7AI score
Exploits0References5
Prion
Prion
added 2021/10/25 4:15 p.m.20 views

Authentication flaw

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message...

5CVSS7.3AI score0.0352EPSS
Exploits5References5Affected Software1
CVE
CVE
added 2021/10/25 4:10 p.m.127 views

CVE-2021-37624

CVE-2021-37624 affects FreeSWITCH up to version 1.10.6, where SIP MESSAGE requests are not authenticated by default, allowing spam and message spoofing. The issue is mitigated by upgrading to 1.10.7, which patches the flaw; maintainers also recommend making MESSAGE authentication the default and ...

7.5CVSS7.4AI score0.0352EPSS
Exploits5References5Affected Software1
OSV
OSV
added 2020/10/27 8:15 p.m.4 views

CVE-2018-4390

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofi...

5.5CVSS8.2AI score0.00855EPSS
Exploits0References3
Mageia
Mageia
added 2019/10/03 8:23 p.m.39 views

Updated thunderbird packages fix security vulnerability

Updated thunderbird packages fix security vulnerability: Spoofing a message author via a crafted S/MIME message CVE-2019-11755 It also fixes various other bugs, as listed in the releasenotes...

7.5CVSS3.4AI score0.01075EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2019/07/16 9:31 a.m.120 views

Hackers Can Manipulate Media Files You Receive Via WhatsApp and Telegram

If you think that the media files you receive on your end-to-end encrypted secure messaging apps can not be tampered with, you need to think again. Security researchers at Symantec yesterday demonstrated multiple interesting attack scenarios against WhatsApp and Telegram Android apps, which could...

1.4AI score
Exploits0
OSV
OSV
added 2019/06/20 10:49 a.m.4 views

SUSE-SU-2019:1576-1 Security update for enigmail

This update for enigmail to version 2.0.11 fixes the following issues: Security issue fixed: - CVE-2019-12269: Fixed an issue where a specially crafted inline PGP messages could spoof a 'correctly signed' message bsc1135855...

7.5CVSS7.4AI score0.0118EPSS
Exploits1References3
Veracode
Veracode
added 2019/05/14 7:10 a.m.27 views

Cleartext Message Spoofing

github.com/golang/crypto is vulnerable to cleartext message spoofing. A remote attacker is able to spoof parts of the message via malicious messages containing control or unicode characters, to trick a user into performing an undesired action...

5.9CVSS5.9AI score0.02002EPSS
Exploits2References8Affected Software2
Packet Storm
Packet Storm
added 2019/05/13 12:0 a.m.124 views

Go Cryptography Libraries Cleartext Message Spoofing

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Cleartext message spoofing product: Supplementary Go Cryptography Libraries vulnerable version: commit a5d413f7728c81fb97d96a2b722368945f651e78 branch master...

0.6AI score0.02002EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2019/05/08 8:55 p.m.60 views

Security Bulletin: IBM DataPower Gateway is affected by a message spoofing vulnerability (CVE-2019-6110)

Summary IBM DataPower Gateway has addressed the following vulnerability. CVE-2019-6110 Vulnerability Details CVEID: CVE-2019-6110 DESCRIPTION: OpenSSH could allow a remote attacker to conduct spoofing attacks, caused by accepting and displaying arbitrary stderr output from the scp server. A...

6.8CVSS1.5AI score0.20906EPSS
Exploits8Affected Software1
CNVD
CNVD
added 2018/12/04 12:0 a.m.9 views

Zoom Client Message Spoofing Vulnerability

Zoom Client is a video conferencing endpoint from Zoom USA that supports multiple platforms. A message spoofing vulnerability exists in Zoom Client. An attacker can construct malicious UDP packets to remotely control users using the desktop version of Zoom including MacOS, Linux, and Windows on t...

9.8CVSS9.2AI score0.03487EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2018/11/28 12:0 a.m.103 views

Zoom Client for Meetings 4.x < 4.1.34814.1119 Message Spoofing Vulnerability

The version of Zoom Client for Meetings installed on the remote Windows host is 4.x prior to 4.1.34814.1119. It is, therefore, affected by a message spoofing vulnerability. An attacker could leverage this vulnerability to perform restricted meeting operations. C Tenable Network Security, Inc...

9.8CVSS8.3AI score0.03487EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2018/11/28 12:0 a.m.47 views

Zoom Client for Meetings 4.x < 4.1.34801.1116 Message Spoofing Vulnerability (macOS)

The version of Zoom Client for Meetings installed on the remote macOS or Mac OS X host is 4.x prior to 4.1.34801.1116. It is, therefore, affected by a message spoofing vulnerability. An attacker could leverage this vulnerability to perform restricted meeting operations. C Tenable Network Security...

9.8CVSS8.4AI score0.03487EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2018/09/04 12:0 a.m.36 views

RHEL 6 / 7 : Red Hat JBoss Enterprise Application Platform 7.0 (RHSA-2016:1332)

The remote Redhat Enterprise Linux 6 / 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2016:1332 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly. This asynchronous patch is a security updat...

9.8CVSS7AI score0.04698EPSS
Exploits0References7
Rows per page
Query Builder