CVE-2022-22784

The Zoom Client for Meetings for Android, iOS, Linux, MacOS, and Windows before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving users clien...

CVE-2021-45968

An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x and in other products. An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394...

CVE-2022-25131

A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology routers T6 V3Firmware T6V3V4.1.5cu.748B20211015 and T10 V2Firmware V4.1.8cu.5207B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet...

CVE-2022-25130

A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T6 V3Firmware T6V3V4.1.5cu.748B20211015 and T10 V2Firmware V4.1.8cu.5207B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet...

CVE-2022-23605

Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might still be accessible...

CVE-2022-23605

CVE-2022-23605 affects Wire Webapp: expired ephemeral messages were not reliably removed from local chat history and, in affected versions prior to 2022-01-27-production.0, ephemeral messages/assets could be accessible via the local search function. Viewing a message in chat view triggers deletio...

CVE-2022-23605 Expired Ephemeral Messages not reliably removed in wire-webapp

Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might still be accessible...

What is AMQP Protocol ❓ All you need to know

The cost-free and fast operations of the open-source tool have made them a preferred choice over their closed-source peers. Without putting any hard and fast restrictions on the users, open-source applications have become a norm these days. AMQP Standard is a commonly used messaging protocol used...

What is MQTT ❓ All you need to know.

Introduction Regardless of the application type, seamless information exchange between two points is a pivotal operational step. IoT or Internet of Things application development is on the rise and is not free from this crucial requirement. That’s where Message Queue Telemetry Protocol comes into...

UBUNTU-CVE-2021-41055

Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service crash via a crafted XMPP Last Message Correction XEP-0308 message in multi-user chat, where the message ID equals the correction ID...

The vulnerability of the Cisco Jabber software platform, related to insufficient protection of registration data, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Cisco Jabber software platform is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information through a specially crafted XMPP message...

Prosodical Thoughts Prosody 授权问题漏洞

Prosodical Thoughts Prosody is a Prosodical Thoughts open source application . A modern XMPP communication server. A security vulnerability exists in Prosody prior to version 0.11.9. A remote attacker could exploit the vulnerability to use the server's bandwidth indefinitely...

The vulnerability of the Cisco Jabber for Windows software platform, related to insufficient validation of input data, allows a perpetrator to trigger a service failure state.

The vulnerability of the Cisco Jabber for Windows software platform is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to trigger a service failure by sending specially crafted XMPP messages...

Cisco Jabber for Windows 安全漏洞

Cisco Jabber is a web conferencing and instant messaging application that allows users to send messages over the Extensible Messaging and Status Protocol XMPP. Cisco Jabber suffers from a code execution vulnerability that stems from an email content validation error. An attacker could exploit thi...

IBM MQ Appliance 安全漏洞

The IBM MQ Appliance is an all-in-one appliance for rapid deployment of enterprise-class messaging middleware from IBM USA. A security vulnerability exists in the IBM MQ Appliance, which can be exploited by an attacker to trigger a denial of service by triggering a fatal error through the AMQP...

CVE-2018-10432

Pexip Infinity before 18 allows Remote Denial of Service TLS handshakes in RTMP...

IBM MQ and IBM MQ Appliance Trust Management Issues Vulnerabilities

IBM MQ IBM WebSphere MQ and IBM MQ Appliance are both products of IBM Corporation, U.S.A. IBM MQ is a messaging middleware product. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture SOA.IBM MQ Appliance is an all-in-one appliance for rapid...

USN-4308-2 twisted vulnerabilities

USN-4308-1 fixed several vulnerabilities in Twisted. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: it was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject...

CVE-2020-3160

A vulnerability in the Extensible Messaging and Presence Protocol XMPP feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition for users of XMPP conferencing applications. Other applications and processes are unaffected...

IBM MQ AMQP Listeners Session Fixation Vulnerability

IBM MQ IBM WebSphere MQ is a messaging middleware product from IBM. The product is mainly for the service-oriented architecture SOA to provide a reliable and proven messaging backbone. AMQP Listeners is one of the AMQP Advanced Message Queuing Protocol listener plug-in. A session fixation...