CVE-2024-36289

Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages DMs between users may be manipulated by a man-in-the-middle attack...

CVE-2024-36279

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages DMs between users may be manipulated by a...

CVE-2024-36277

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid signatures...

CVE-2024-36289

CVE-2024-36289 concerns FreeFrom - the nostr client prior to version 1.3.5. The vulnerability arises from reusing a nonce/key pair in encryption, enabling a man-in-the-middle to potentially manipulate the content of direct messages (DMs) between users. Affected platforms include Android and iOS a...

CVE-2024-36289

Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages DMs between users may be manipulated by a man-in-the-middle attack...

CVE-2024-36279

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages DMs between users may be manipulated by a...

CVE-2024-36277

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid signatures...

CVE-2024-36277

Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid signatures...

CVE-2024-36277

CVE-2024-36277 concerns the Android/iOS app "FreeFrom - the nostr client" from FreeFrom K.K. The issue is an improper verification of cryptographic signatures (CWE-347) that prevents the app from detecting event data with invalid signatures. Affected versions are prior to 1.3.5. Reported impact i...

FreeFrom Security Vulnerabilities

FreeFrom is an application from FreeFrom, Inc. dedicated to bringing privacy and free speech back to SNSs. A security vulnerability exists in FreeFrom versions prior to 1.3.5, which stems from improper application cryptographic signature validation that fails to detect event data with invalid...

PT-2024-26947 · Freefrom · Freefrom

Name of the Vulnerable Software and Affected Versions: FreeFrom - the nostr client versions prior to 1.3.5 Description: The issue exists due to reliance on obfuscation or encryption of security-relevant inputs without integrity checking. If exploited, the content of direct messages between users...

FreeFrom Security Vulnerabilities

FreeFrom is an application from FreeFrom, Inc. dedicated to bringing privacy and free speech back to SNSs. A security vulnerability exists in versions of FreeFrom prior to 1.3.5 that stems from the application's reuse of random number key pairs, resulting in direct message DM content between user...

FreeFrom Security Vulnerabilities

FreeFrom is an application from FreeFrom, Inc. dedicated to bringing privacy and free speech back to SNSs. A security vulnerability exists in FreeFrom the nostr client prior to version 1.3.5 that stems from the application having a dependency on obfuscating or encrypting security-related input...

JVN#55045256: Multiple vulnerabilities in "FreeFrom - the nostr client" App

"FreeFrom - the nostr client" App provided by FreeFrom K.K. contains multiple vulnerabilities listed below. Improper verification of cryptographic signature CWE-347 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score 5.3 CVE-2024-36277 Reliance on obfuscation or encryption of security-relevan...

peaks-freefrom.com Cross Site Scripting vulnerability OBB-3223076

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...