Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wire wire vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-21301
Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first has their camera enabled and then disables it. It's a privacy issue becau...
Wire Wire
7.5
CVSSv2
CVE-2021-41093
Wire is an open source secure messenger. In affected versions if the an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86 which uses a new endpoint which additionally requires an authentic...
Wire Wire
2.1
CVSSv2
CVE-2021-41094
Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to enable encryption at rest by generating encryption keys via the Secure Enclave, ho...
Wire Wire
4
CVSSv2
CVE-2022-31009
wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multiple times on launch. These invalid accent colors can be used by and sent between...
Wire Wire
NA
CVE-2023-22737
wire-server provides back end services for Wire, a team communication and collaboration platform. Prior to version 2022-12-09, every member of a Conversation can remove a Bot from a Conversation due to a missing permissions check. Only Conversation admins should be able to remove...
Wire Wire
5
CVSSv2
CVE-2018-8909
The Wire application prior to 2018-03-07 for Android allows malicious users to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala.
Wire Wire
4
CVSSv2
CVE-2021-32666
wire-ios is the iOS version of Wire, an open-source secure messaging app. In wire-ios versions 3.8.0 and prior, a vulnerability exists that can cause a denial of service between users. If a user has an invalid assetID for their profile picture and it contains the " character...
Wire Wire
6
CVSSv2
CVE-2020-15258
In Wire prior to 3.20.x, `shell.openExternal` was used without checking the URL. This vulnerability allows an malicious user to execute code on the victims machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the...
Wire Wire
7.5
CVSSv2
CVE-2021-41100
Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the `Authorization` header. As the short-lived token is only meant as ...
Wire Wire-server
5
CVSSv2
CVE-2021-41119
Wire-server is the system server for the wire back-end services. Releases prior to v2022-03-01 are subject to a denial of service attack via a crafted object causing a hash collision. This collision causes the server to spend at least quadratic time parsing it which can lead to a...
Wire Wire-server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »