Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Wire-Server Security Vulnerabilities

cve
cve

CVE-2021-41100

Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the Authorization header. As the short-lived token is only meant as means of authenticati...

9.8CVSS

9.8AI Score

0.002EPSS

2021-10-04 07:15 PM
25
cve
cve

CVE-2021-41119

Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted object causing a hash collision. This collision causes the server to spend at least quadratic time parsing it which can lead to a denial of service ...

7.5CVSS

7.2AI Score

0.001EPSS

2022-04-13 07:15 PM
52
cve
cve

CVE-2022-23610

wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML, but without SCIM, it was possibl...

9.1CVSS

8AI Score

0.002EPSS

2022-03-16 06:15 PM
88