rpm package
opensuse/gajim&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/gajim&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-39835 | — | — | | < 1.5.1-1.1 | 1.5.1-1.1 | Sep 27, 2022 | An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0. |
| CVE-2021-41055 | — | — | | < 1.3.3-1.1 | 1.3.3-1.1 | Oct 11, 2021 | Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID. |
| CVE-2016-10376 | Med | 4.5 | | < 1.3.2-1.2 | 1.3.2-1.2 | May 28, 2017 | Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions. |
| CVE-2015-8688 | Med | 5.4 | | < 0.16.6-1.1 | 0.16.6-1.1 | Jan 15, 2016 | Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza. |
| CVE-2012-2093 | — | — | | < 0.16.6-1.1 | 0.16.6-1.1 | May 18, 2012 | src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function. |