CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNVD•added 2021/10/09 12:0 a.m.•16 views

Wire-server code issue vulnerability

Wire-server is a backup server for the open source Wire secure messaging application. Wire-server has a security vulnerability that could be exploited to trigger a user's email address change using only a short-term session token in the "Authorization" header...

9.8CVSS1.4AI score0.01EPSS

NVD•added 2021/10/04 7:15 p.m.•19 views

CVE-2021-41100

Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the Authorization header. As the short-lived token is only meant as means of...

9.8CVSS0.01EPSS

OSV•added 2021/10/04 7:15 p.m.•17 views

CVE-2021-41100

9.8CVSS9.8AI score

Prion•added 2021/10/04 7:15 p.m.•22 views

Authentication flaw

7.5CVSS9.8AI score0.01EPSS

Cvelist•added 2021/10/04 6:25 p.m.•13 views

CVE-2021-41100 Account takeover when having only access to a user's short lived token in wire-server

7.4CVSS10AI score0.01EPSS

CVE•added 2021/10/04 6:25 p.m.•49 views

CVE-2021-41100

CVE-2021-41100 affects Wire-server (Wire’s backing server). A short-lived session token in the Authorization header can be used to change a user’s email, which may enable account takeover due to subsequent password changes. Public details indicate that Version 2021-08-16 and later added a new end...

9.8CVSS9.1AI score0.01EPSS

CNNVD•added 2021/10/04 12:0 a.m.•5 views

Wire 代码问题漏洞

9.8CVSS5.6AI score0.01EPSS

Exploits0References2

NVD•added 2021/09/30 8:15 p.m.•28 views

CVE-2021-41101

wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS Access-Control-Allow-Origin header set by nginz is set for all subdomains of .wire.com including wire.com. This means that if somebody were to find an XSS vector in any of the...

5.7CVSS0.00685EPSS

OSV•added 2021/09/30 8:15 p.m.•11 views

CVE-2021-41101

5.7CVSS6.1AI score

Prion•added 2021/09/30 8:15 p.m.•19 views

Design/Logic Flaw

3.5CVSS5.4AI score0.00685EPSS

Cvelist•added 2021/09/30 7:20 p.m.•25 views

CVE-2021-41101 CORS `Access-Control-Allow-Origin` settings are too lenient

5.7CVSS5.6AI score0.00685EPSS

CVE•added 2021/09/30 7:20 p.m.•50 views

CVE-2021-41101

CVE-2021-41101 affects wire-server prior to 2.106.0, where the CORS Access-Control-Allow-Origin header configured by nginz was too permissive, applying to all subdomains of wire.com. This enables a potential attacker to abuse any subdomain with an XSS vector to talk to the Wire API using the user...

5.7CVSS5.4AI score0.00685EPSS

CNNVD•added 2021/09/30 12:0 a.m.•4 views

Wire 跨站脚本漏洞

Wire is a chat software by an individual developer. The software supports Web, WindowsiOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos, and its original greeting method, PING. A cross-site scripting vulnerability exists in Wire Wire-server, which can be used...

5.7CVSS5.6AI score0.00685EPSS

seebug.org•added 2021/05/13 12:0 a.m.•129 views

Microsoft Azure Virtual Machine信息泄露漏洞（CVE-2021-27075）

CVE-2021-27075: Microsoft Azure Vulnerability Allows Privilege Escalation and Leak of Private Data Written by Paul Litvak - 11 May 2021 In this post I will explain how the Microsoft Azure Virtual Machine VM extension works and how we found a fatal vulnerability in the extension mechanism affectin...

2.7CVSS0.1AI score0.01343EPSS

Exploits1

OSV•added 2021/03/26 10:15 p.m.•10 views

CVE-2021-21396

wire-server is an open-source back end for Wire, a secure collaboration platform. In wire-server from version 2021-02-16 and before version 2021-03-02, the client metadata of all users was exposed in the GET /users/list-clients endpoint. The endpoint could be used by any logged in user who could...

6.5CVSS6.7AI score

NVD•added 2021/03/26 10:15 p.m.•19 views

CVE-2021-21396

6.5CVSS0.01093EPSS