NotCVE - vendor:"Zulipchat" product:"Zulip Desktop" version:" >= 0.5.10

5 results (0.011 seconds)

CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0

CVE-2020-10857

https://notcve.org/view.php?id=CVE-2020-10857

05 Feb 2021 — Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution. Zulip Desktop versiones anteriores a 5.0.0, usa inapropiadamente shell.openExternal y shell.openItem con contenido que no es confiable, conllevando a una ejecución de código remota • https://blog.zulip.com/2020/04/01/zulip-desktop-5-0-0-security-release •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-10858

https://notcve.org/view.php?id=CVE-2020-10858

05 Feb 2021 — Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler. Zulip Desktop versiones anteriores a 5.0.0, permite a atacantes llevar a cabo grabaciones por medio de la cámara web y el micrófono debido a una falta de un gestor de peticiones de permisos • https://blog.zulip.com/2020/04/01/zulip-desktop-5-0-0-security-release • CWE-862: Missing Authorization •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-24582

https://notcve.org/view.php?id=CVE-2020-24582

10 Sep 2020 — Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface. Zulip Desktop versiones anteriores a 5.4.3, permite un ataque de tipo XSS porque el escape de cadenas se maneja inapropiadamente durante la composición del HTML para la interfaz de usuario • https://blog.zulip.com/2020/09/10/zulip-desktop-5-4-3-security-release • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-12637

https://notcve.org/view.php?id=CVE-2020-12637

09 May 2020 — Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option. Zulip Desktop versiones anteriores a 5.2.0, presenta una Falta de Comprobación del Certificado SSL, porque toda la comprobación fue deshabilitada inadvertidamente durante un intento de reconocer la opción ignoreCerts. • https://blog.zulip.org/2020/05/06/zulip-desktop-5-2-0-security-release • CWE-295: Improper Certificate Validation •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-9443

https://notcve.org/view.php?id=CVE-2020-9443

18 Mar 2020 — Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82. Zulip Desktop versiones anteriores a 4.0.3, cargó contenido no confiable en una vista web de Electron con la seguridad web deshabilitada, lo cual puede ser explotado para un ataque de tipo XSS en una variedad de maneras. Esto afecta especialmente a Zulip Desktop versión 2.3.82. • https://blog.zulip.org/2020/02/29/zulip-desktop-4-0-3-security-release • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •