CVE-2021-41119
- EPSS 0.49%
- Veröffentlicht 13.04.2022 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:25:30
Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted object causing a hash collision. This collision causes the server to spend at least quadratic time ...
CVE-2022-23610
- EPSS 0.13%
- Veröffentlicht 16.03.2022 18:15:11
- Zuletzt bearbeitet 21.11.2024 06:48:55
wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In ...
CVE-2021-41100
- EPSS 0.3%
- Veröffentlicht 04.10.2021 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:25:28
Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the `Authorization` header. As the short...