Vendor
Gajim
Products
1
CVEs
6
Across products
6
Status
Private
Products
1- 6 CVEs
Recent CVEs
6| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-8688 | Med | 0.35 | 5.4 | 0.01 | Jan 15, 2016 | Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza. | |
| CVE-2016-10376 | Med | 0.29 | 4.5 | 0.01 | May 28, 2017 | Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions. | |
| CVE-2012-5524 | 0.00 | — | 0.00 | Feb 8, 2014 | The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA. | ||
| CVE-2012-2086 | 0.00 | — | 0.01 | Nov 23, 2012 | SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter. | ||
| CVE-2012-2085 | 0.00 | — | 0.01 | Aug 28, 2012 | The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute. | ||
| CVE-2012-2093 | 0.00 | — | 0.00 | May 18, 2012 | src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function. |