Attacker Value
Unknown

CVE-2020-10857

Disclosure Date: February 05, 2021 (last updated November 28, 2024)
Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.
Attacker Value
Unknown

CVE-2020-10858

Disclosure Date: February 05, 2021 (last updated February 22, 2025)
Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler.
Attacker Value
Unknown

CVE-2020-24582

Disclosure Date: September 10, 2020 (last updated February 22, 2025)
Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.
Attacker Value
Unknown

CVE-2020-15070

Disclosure Date: August 21, 2020 (last updated February 22, 2025)
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value.
Attacker Value
Unknown

CVE-2020-12759

Disclosure Date: August 21, 2020 (last updated February 22, 2025)
Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook.
Attacker Value
Unknown

CVE-2020-14215

Disclosure Date: August 21, 2020 (last updated February 22, 2025)
Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations.
Attacker Value
Unknown

CVE-2020-14194

Disclosure Date: August 21, 2020 (last updated February 22, 2025)
Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link.
Attacker Value
Unknown

CVE-2020-12637

Disclosure Date: May 09, 2020 (last updated February 21, 2025)
Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option.
Attacker Value
Unknown

CVE-2020-9445

Disclosure Date: April 20, 2020 (last updated February 21, 2025)
Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality.
Attacker Value
Unknown

CVE-2020-9444

Disclosure Date: April 20, 2020 (last updated February 21, 2025)
Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality.