EUVD-2021-17400

Malware in sbrugna...

CVE-2021-30477

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send messages to...

CVE-2023-32678 Zulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribers

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that the...

Zulip 授权问题漏洞

Zulip is a powerful open source group chat application from Zulip, Inc. for combining the immediacy of real-time chat with the productivity benefits of threaded conversations. An authorization issue vulnerability exists in Zulip 6.0 and prior versions, which stems from insufficient authorization...

Zulip 代码问题漏洞

Zulip is a powerful open source group chat application from the Zulip team. It is used to combine the immediacy of real-time chat with the productivity benefits of threaded conversations. A code issue vulnerability exists in Zulip Server versions 2.1.0 and above, which stems from an error in the...

CVE-2021-30477

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send messages to...

CVE-2021-30477

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send messages to...

Design/Logic Flaw

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send messages to...

CVE-2021-30477

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send messages to...

CVE-2020-24216

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to b...

CVE-2017-0881

An error in the implementation of an autosubscribe feature in the checkstreamexists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affec...

opera -- multiple vulnerabilities

The Opera Desktop Team reports: Fixed an issue that allowed cross-domain checks to be bypassed, allowing limited data theft using CSS, as reported by Isaac Dawson. Fixed an issue where manipulating the window could be used to spoof the page address. Fixed an issue with reloads and redirects that...