VYPR
Vendor

Jabber

Products: 4
CVEs: 8
Across products: 9
Status: Private

Recent CVEs (8)
  • CVE-2017-10807, Critical, Jul 4, 2017
    risk 0.64, cvss 9.8, epss 0.03

    JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.

  • CVE-2011-1755, High, Jun 21, 2011
    risk 0.49, cvss 7.5, epss 0.04

    jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to…

  • CVE-2004-0953, Jan 10, 2005
    risk 0.04, cvss (not listed), epss 0.10

    Buffer overflow in the C2S module in the open source Jabber 2.x server (Jabberd) allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long username.

  • CVE-2008-6937, Aug 11, 2009
    risk 0.03, cvss (not listed), epss 0.03

    Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an xmpp:// URI, a different vector than CVE-2008-6935 and CVE-2008-6936. NOTE: the…

  • CVE-2008-6936, Aug 11, 2009
    risk 0.03, cvss (not listed), epss 0.03

    Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in a pres:// URI, a different vector than CVE-2008-6935.

  • CVE-2012-3525, Aug 25, 2012
    risk 0.00, cvss (not listed), epss 0.02

    s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.

  • CVE-2004-2391, Dec 31, 2004
    risk 0.00, cvss (not listed), epss 0.02

    Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8 allows remote attackers to cause a denial of service via a message with an empty tag.

  • CVE-2004-0013, Feb 3, 2004
    risk 0.00, cvss (not listed), epss 0.02

    jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash).