22 matches found
EUVD-2022-42280
Malicious code in bioql PyPI...
Spotlight server-side Share Path Disclosure
Description As part of the Spotlight protocol, the initial request returns a path associated with the sharename targeted by the RPC request. Samba returns the real server-side share path at this point, as well as returning the absolute server-side path of results in search queries by clients. Kno...
CVE-2022-39835
An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0...
Design/Logic Flaw
An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0...
UBUNTU-CVE-2022-39835
An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0...
PT-2022-7426 · Gajim +3 · Gajim +3
Name of the Vulnerable Software and Affected Versions: Gajim versions 1.4.7 and earlier Description: The issue allows attackers to correct messages that were not sent by them via crafted XML stanzas. The attacker needs to be part of the group chat or single chat. This can potentially impact the...
Tigase XMPP Server Stanza Smuggling
Tigase XMPP server: XMPP stanza smuggling via unescaped quotes. Tigase XMPP server suffers from a security vulnerability due to not escaping the double quote character when serializing parsed XML. This can be used to "smuggle" or, if you prefer, inject arbitrary attacker-controlled stanza in the XMPP...
feedparser Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas...
GHSA-77CR-6GR8-7RR9 Use After Free in HashiCorp Nomad
HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6...
What is XMPP ❓ — Extensible Messaging & Presence Protocol
Introduction: In the early 2000s, when the idea of chat applications was taking shape, XMPP was allowing developers to construct interactive chat applications. Since its genesis, this protocol has come a long way and is now included in the tech...
CVE-2020-27195
HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6...
PT-2020-16658 · Hashicorp · Nomad Enterprise +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 0.9.0 through 0.12.5 Description: The client file sandbox feature in HashiCorp Nomad and Nomad Enterprise can be subverted using either the template or artifact stanzas. This issue is related to a...
PYSEC-2019-1
aioxmpp version 0.10.2 and earlier contains an Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appears to be exploitable via Remote. A crafted stanza...