561 matches found
EUVD-2023-25559
Malicious code in bioql PyPI...
EUVD-2022-36731
Malicious code in bioql PyPI...
EUVD-2022-52714
Malicious code in bioql PyPI...
EUVD-2022-33570
Malicious code in bioql PyPI...
CVE-2022-33692
Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log...
CVE-2021-43633
Sourcecodester Messaging Web Application 1.0 is vulnerable to stored XSS. If a sender inserts valid scripts into the chat, the script will be executed on the receiver chat...
[SECURITY] Fedora 40 Update: qt6-qtspeech-6.7.1-1.fc40
The module enables a Qt application to support accessibility features such as text-to-speech, which is useful for end-users who are visually challenged or cannot access the application for whatever reason. The most common use case where text-to-speech comes in handy is when the end-user is drivin...
CVE-2022-33692
Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log...
Information disclosure
Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log...
CVE-2022-33692
CVE-2022-33692 refers to an information-disclosure vulnerability in Samsung’s Message App on Samsung mobile devices. The available connected documents describe that prior to the SMR July 2022 Release 1, a local attacker could access IMSI and ICCID via logs produced by the Messaging application. T...
CVE-2022-33692
Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log...
Design/Logic Flaw
Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering @mentions in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim...
CVE-2022-29168 Cross Site Scripting in Wire Messages
Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering @mentions in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim...
CVE-2022-31009 DoS vulnerability: Invalid Accent Colors
wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multiple times on launch. These invalid accent colors can be used by and sent between Wire users. The...
CVE-2022-31009
CVE-2022-31009 affects the Wire iOS client. The root cause is an unnecessary assert when converting an integer to an enum, causing an exception instead of a default fallback, which can crash the iOS Wire Client on startup. The issue is fixed in the wire-ios repo (commit caa0e27dbe51f9edfda8c7a9f0...
CVE-2022-31013
Chat Server (Vartalap) vulnerability CVE-2022-31013 affects versions 2.3.2–2.6.0. Root cause is a token validation bug where this.authProvider.verifyAccessKey is treated as asynchronous without awaiting results, enabling authentication bypass. A patch exists in version 2.6.0. Public references ac...
CVE-2022-23625
Wire-ios is a messaging application using the wire protocol on apple's ios platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can be generated and...
CVE-2022-23625
Wire-ios is a messaging application using the wire protocol on apple's ios platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can be generated and...
Code injection
Wire-ios is a messaging application using the wire protocol on apple's ios platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can be generated and...
CVE-2022-23625
CVE-2022-23625 affects Wire-ios on Apple iOS prior to version 3.95. Malformed resource identifiers can be generated and sent between Wire users, causing the iOS Wire Client to repeatedly crash on launch (DoS-like impact). The root cause is in the wire-ios-transport component, where code that remo...