12 matches found
EUVD-2020-24766
Malware in sbrugna...
EUVD-2022-27927
Malicious code in bioql PyPI...
Cisco Jabber Input Validation Error Vulnerability
Cisco Jabber is a unified communications client solution from Cisco. An input validation error vulnerability exists in Cisco Jabber Client Software versions prior to 14.1.3, which stems from improper handling of nested XMPP messages in requests sent to Cisco Jabber Client Software, and could be...
The vulnerability of clients for conducting real-time audio and video conferences via Zoom Client for Meetings on Android, iOS, Linux, macOS, and Windows allows a hacker to perform spoofing attacks due to improper data analysis of XML messages in XMPP messages.
The vulnerability of clients for conducting real-time audio and video conferences using Zoom Client for Meetings on Android, iOS, Linux, macOS, and Windows is related to improper analysis of XML data in XMPP messages. Exploiting this vulnerability allows a malicious actor to perform a spoofing...
New Zoom vulnerabilities can compromise user devices with a single message
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Zoom has addressed four security flaws that, one of them if exploited, can compromise a user via chat by sending specially crafted Extensible Messaging and Presence Protocol XMPP messages and executing...
CVE-2022-22784
The Zoom Client for Meetings for Android, iOS, Linux, MacOS, and Windows before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving users clien...
Zoom Client 安全漏洞
Zoom Client is a video conferencing client application from Zoom Inc. that supports multiple platforms. A security vulnerability exists in Zoom Client for Meetings prior to version 5.10.0 that stems from an inability to properly parse XML in XMPP messages, which can be exploited by an attacker to...
Cisco Jabber Code Execution Vulnerability
Cisco Jabber is a web conferencing and instant messaging application that allows users to send messages over the Extensible Messaging and Status Protocol XMPP. Cisco Jabber suffers from a code execution vulnerability that stems from an email content validation error. An attacker could exploit thi...
Cisco Jabber Information Disclosure Vulnerability (CNVD-2021-22911)
Cisco Jabber is a web conferencing and instant messaging application that allows users to send messages over the Extensible Messaging and Status Protocol XMPP. Cisco Jabber has an information disclosure vulnerability that can be exploited by an attacker by sending a crafted XMPP message to the...
CVE-2020-3495
A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted Extensible Messaging and Presence...
USN-2390-1 pidgin vulnerabilities
Jacob Appelbaum and an anonymous person discovered that Pidgin incorrectly handled certificate validation. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. CVE-2014-3694 Yves Younan and Richard Johnson...
pidgin: DoS when handling timestamps in the XMPP plugin
Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service application crash via a crafted timestamp value in an XMPP message...