VYPR

rpm package

opensuse/gajim&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/gajim&distro=openSUSE%20Tumbleweed

Vulnerabilities (5)

  • CVE-2022-39835 | Sep 27, 2022
    affected < 1.5.1-1.1 | fixed 1.5.1-1.1

    An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0.

  • CVE-2021-41055 | Oct 11, 2021
    affected < 1.3.3-1.1 | fixed 1.3.3-1.1

    Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID.

  • CVE-2016-10376 | Med | May 28, 2017
    affected < 1.3.2-1.2 | fixed 1.3.2-1.2

    Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.

  • CVE-2015-8688 | Med | Jan 15, 2016
    affected < 0.16.6-1.1 | fixed 0.16.6-1.1

    Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.

  • CVE-2012-2093 | May 18, 2012
    affected < 0.16.6-1.1 | fixed 0.16.6-1.1

    src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.