Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
WireWire-server

3 matches found

CVE
CVEadded 2022/03/16 6:15 p.m.102 views

CVE-2022-23610

wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML, but without SCIM, it was possibl...

9.1CVSS8.1AI score0.00181EPSS
CVE
CVEadded 2022/04/13 7:15 p.m.64 views

CVE-2021-41119

Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted object causing a hash collision. This collision causes the server to spend at least quadratic time parsing it which can lead to a denial of service ...

7.5CVSS6AI score0.00407EPSS
CVE
CVEadded 2021/10/04 7:15 p.m.35 views

CVE-2021-41100

Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the Authorization header. As the short-lived token is only meant as means of authenticati...

9.8CVSS9.1AI score0.003EPSS