64 matches found
CVE-2021-41119
Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted object causing a hash collision. This collision causes the server to spend at least quadratic time parsing it which can lead to a denial of servic...
CVE-2021-41101
wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS Access-Control-Allow-Origin header set by nginz is set for all subdomains of .wire.com including wire.com. This means that if somebody were to find an XSS vector in any of the...
CVE-2021-41100
Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the Authorization header. As the short-lived token is only meant as means of...
EUVD-2023-26856
Malicious code in bioql PyPI...
EUVD-2021-28240
Malicious code in bioql PyPI...
EUVD-2021-28250
Malicious code in bioql PyPI...
EUVD-2022-28579
Malicious code in bioql PyPI...
EUVD-2021-28239
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-41119
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted object...
CVE-2023-22737
wire-server provides back end services for Wire, a team communication and collaboration platform. Prior to version 2022-12-09, every member of a Conversation can remove a Bot from a Conversation due to a missing permissions check. Only Conversation admins should be able to remove Bots. Regular...
CVE-2021-21396
wire-server is an open-source back end for Wire, a secure collaboration platform. In wire-server from version 2021-02-16 and before version 2021-03-02, the client metadata of all users was exposed in the GET /users/list-clients endpoint. The endpoint could be used by any logged in user who could...
Design/Logic Flaw
wire-server provides back end services for Wire, a team communication and collaboration platform. Prior to version 2022-12-09, every member of a Conversation can remove a Bot from a Conversation due to a missing permissions check. Only Conversation admins should be able to remove Bots. Regular...
CVE-2023-22737 wire-server vulnerable to unauthorized removal of Bots from Conversations
wire-server provides back end services for Wire, a team communication and collaboration platform. Prior to version 2022-12-09, every member of a Conversation can remove a Bot from a Conversation due to a missing permissions check. Only Conversation admins should be able to remove Bots. Regular...
CVE-2023-22737
The CVE-2023-22737 entry concerns wire-server, which prior to 2022-12-09 allowed any Conversation member to remove a Bot due to a missing permissions check. The root cause is an authorization gap in removing Bots from Conversations, which only admins should perform. Affected product: wire-server ...
Design/Logic Flaw
Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error makes it...
CVE-2022-39380 wire-webapp contains Improper Handling of Exceptional Conditions leading to a DoS via Markdown Rendering
Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error makes it...
PT-2023-18678 · Wire · Wire-Server
Name of the Vulnerable Software and Affected Versions: wire-server versions prior to 2022-12-09
Description: The issue is related to a missing permissions check in wire-server, which provides back end services for Wire, a team communication and collaboration platform. Due to this, every member of...