VYPR

Smack

by Igniterealtime

Source repositories

CVEs (4)

  • CVE-2016-10027MedJan 12, 2017
    risk 0.31cvss 5.9epss 0.02

    Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a…

  • CVE-2025-68733Dec 24, 2025
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: smack: fix bug: unprivileged task can create labels If an unprivileged task is allowed to relabel itself (/smack/relabel-self is not empty), it can freely create new labels by writing their names into own…

  • CVE-2014-0364Apr 30, 2014
    risk 0.00cvss epss 0.06

    The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.

  • CVE-2014-0363Apr 30, 2014
    risk 0.00cvss epss 0.01

    The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information…