Jabber
Products (4)
- 4 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-10807 | | Cri | 0.64 | 9.8 | 0.03 | | Jul 4, 2017 | JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled. |
| CVE-2011-1755 | | Hig | 0.49 | 7.5 | 0.04 | | Jun 21, 2011 | jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to… |
| CVE-2004-0953 | | | 0.04 | — | 0.10 | | Jan 10, 2005 | Buffer overflow in the C2S module in the open source Jabber 2.x server (Jabberd) allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long username. |
| CVE-2008-6937 | | | 0.03 | — | 0.03 | | Aug 11, 2009 | Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an xmpp:// URI, a different vector than CVE-2008-6935 and CVE-2008-6936. NOTE: the… |
| CVE-2008-6936 | | | 0.03 | — | 0.03 | | Aug 11, 2009 | Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in a pres:// URI, a different vector than CVE-2008-6935. |
| CVE-2012-3525 | | | 0.00 | — | 0.02 | | Aug 25, 2012 | s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response. |
| CVE-2004-2391 | | | 0.00 | — | 0.02 | | Dec 31, 2004 | Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8 allows remote attackers to cause a denial of service via a message with an empty tag. |
| CVE-2004-0013 | | | 0.00 | — | 0.02 | | Feb 3, 2004 | jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash). |