Vulnerabilities > Zulip > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-10-07 | CVE-2021-41115 | Unspecified vulnerability in Zulip | Zulip is an open source team chat server. | network; low complexity; zulip; 6.5 |
| 2021-04-15 | CVE-2021-30487 | Unspecified vulnerability in Zulip Server 3.0/3.1 | In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation. | network; low complexity; zulip; 4.0 |
| 2021-04-15 | CVE-2021-30479 | Improper Privilege Management vulnerability in Zulip Server | An issue was discovered in Zulip Server before 3.4. | network; low complexity; zulip CWE-269; 5.0 |
| 2021-04-15 | CVE-2021-30478 | Improper Privilege Management vulnerability in Zulip Server | An issue was discovered in Zulip Server before 3.4. | network; low complexity; zulip CWE-269; 4.0 |
| 2021-04-15 | CVE-2021-30477 | Unspecified vulnerability in Zulip Server | An issue was discovered in Zulip Server before 3.4. | network; low complexity; zulip; 4.0 |
| 2021-02-05 | CVE-2020-10858 | Incorrect Permission Assignment for Critical Resource vulnerability in Zulip Desktop | Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler. | network; low complexity; zulip CWE-732; 5.0 |
| 2020-08-21 | CVE-2020-15070 | Injection vulnerability in Zulip Server | Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value. | network; low complexity; zulip CWE-74; 6.5 |
| 2020-08-21 | CVE-2020-14215 | Incorrect Authorization vulnerability in Zulip Server | Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations. | network; low complexity; zulip CWE-863; 5.0 |
| 2020-08-21 | CVE-2020-14194 | Improper Input Validation vulnerability in Zulip Server | Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link. | network; zulip CWE-20; 5.8 |
| 2020-08-21 | CVE-2020-12759 | Cross-site Scripting vulnerability in Zulip Server | Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook. | network; zulip CWE-79; 4.3 |