RHSA-2010:0757 Red Hat Security Advisory: Red Hat Enterprise MRG Messaging security and bug fix update 1.2.2
Bulletin has no description...
The vulnerability in the xpub.cpp component of the ZeroMQ messaging library, related to improper memory release before deleting the last reference, allows a violator to trigger a service failure.
The vulnerability of the xpub.cpp component in the ZeroMQ messaging library relates to improper memory release before deleting the last reference. Exploiting this vulnerability could allow an attacker to cause a service failure...
Controller 6000 and Controller 7000 security vulnerability
The Gallagher Controller 6000 and Gallagher Controller 7000 are both products of Gallagher New Zealand. The Gallagher Controller 6000 is an interface between a Gallagher Command Center server and distributed field hardware. The Gallagher Controller 7000 is a powerful network connected controller. ...
Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity
Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-word statement on...
Symantec Messaging Gateway 9.5 Log File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Symantec Messaging Gateway 9.5 Log File Download Vulnerability', 'Description' = %q This module will download a file of your choice against...
Symantec Messaging Gateway 10 Exposure Of Stored AD Password
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest' require "openssl" class MetasploitModule 'Symantec Messaging Gateway 10 Exposure of Stored AD Password Vulnerability', 'Description' = %q This module wi...
macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users
Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts "almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of...
Meshtastic device firmware security vulnerability
Meshtastic device firmware is a Meshtastic open source firmware for Meshtastic devices running open source, off-grid, decentralized mesh networks. A security vulnerability exists in the Meshtastic device firmware that stems from a denial of service vulnerability in MQTT...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...
Malicious code in platform-client-messaging-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7c2d8c135637c1c5dabdcf9238f0a282f34540de11eca662db70ccadf8260ed8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8036 Malicious code in platform-client-messaging-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7c2d8c135637c1c5dabdcf9238f0a282f34540de11eca662db70ccadf8260ed8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures
Pavel Durov, founder and chief executive of the popular messaging app Telegram, was arrested in France on Saturday, according to French television network TF1. Durov is believed to have been apprehended pursuant to a warrant issued in connection with a preliminary police investigation. TF1 said t...
The vulnerability of the SIP call processing function of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) allows a perpetrator to trigger a service failure.
The vulnerability of the SIP call processing function of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures by...
CVE-2024-42369
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
CVE-2024-42369
CVE-2024-42369 affects the matrix-js-sdk (JavaScript) where a malicious homeserver can craft a room structure whose predecessors form a cycle. This makes getRoomUpgradeHistory() recursively traverse and hang, and since this method is public and invoked by leaveRoomChain(), leaving a room can trig...
CVE-2024-42369 A room with itself as its predecessor will freeze matrix-js-sdk
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
Friendica security vulnerability
Friendica is an application of the German Friendica community. It provides decentralized social networking. A security vulnerability exists in Friendica version 2024.03, which stems from susceptibility to cross-site scripting attacks in settings/configuration files via homepage, xmpp and matrix...
UBUNTU-CVE-2024-22123
Setting SMS media allows setting a GSM modem file. Later this file is used as a Linux device. But because everything is a file in Linux, it is possible to set another file, e.g. a log file, and zabbixserver will try to communicate with it as a modem. As a result, the log file will be broken with AT commands and...
WordPress plugin Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce cross-site scripting vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Sender - Newsletter,...
CVE-2024-34617
Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application...