Jabberstudio
Products
5- 6 CVEs
- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
12| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-10807 | Cri | 0.64 | 9.8 | 0.03 | Jul 4, 2017 | JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled. | ||
| CVE-2017-18225 | Hig | 0.51 | 7.8 | 0.00 | Mar 12, 2018 | The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for… | ||
| CVE-2011-1755 | Hig | 0.49 | 7.5 | 0.04 | Jun 21, 2011 | jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to… | ||
| CVE-2017-18226 | Med | 0.36 | 5.5 | 0.00 | Mar 12, 2018 | The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat… | ||
| CVE-2015-2058 | 0.00 | — | 0.02 | Aug 12, 2015 | c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID. | |||
| CVE-2012-3525 | 0.00 | — | 0.02 | Aug 25, 2012 | s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response. | |||
| CVE-2011-1754 | 0.00 | — | 0.02 | Jun 21, 2011 | jabberd14 1.6.1.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to… | |||
| CVE-2006-1329 | 0.00 | — | 0.03 | Mar 21, 2006 | The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza". | |||
| CVE-2004-2391 | 0.00 | — | 0.02 | Dec 31, 2004 | Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8 allows remote attackers to cause a denial of service a message with an empty tag. | |||
| CVE-2004-2390 | 0.00 | — | 0.01 | Dec 31, 2004 | The roster import functionality in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8, when using libgadu 1.0 and later, allows attackers to cause a denial of service via unknown vectors. | |||
| CVE-2004-2389 | 0.00 | — | 0.02 | Dec 31, 2004 | Unknown vulnerability in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8 allows remote attackers to cause a denial of service (infinite loop) via user re-registration. | |||
| CVE-2004-1378 | 0.00 | — | 0.02 | Sep 21, 2004 | The expat XML parser code, as used in the open source Jabber (jabberd) 1.4.3 and earlier, jadc2s 0.9.0 and earlier, and possibly other packages, allows remote attackers to cause a denial of service (application crash) via a malformed packet to a socket that accepts XML… |
- risk 0.64cvss 9.8epss 0.03
JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.
- risk 0.51cvss 7.8epss 0.00
The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for…
- risk 0.49cvss 7.5epss 0.04
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to…
- risk 0.36cvss 5.5epss 0.00
The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat…
- CVE-2015-2058Aug 12, 2015risk 0.00cvss —epss 0.02
c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID.
- CVE-2012-3525Aug 25, 2012risk 0.00cvss —epss 0.02
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.
- CVE-2011-1754Jun 21, 2011risk 0.00cvss —epss 0.02
jabberd14 1.6.1.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to…
- CVE-2006-1329Mar 21, 2006risk 0.00cvss —epss 0.03
The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza".
- CVE-2004-2391Dec 31, 2004risk 0.00cvss —epss 0.02
Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8 allows remote attackers to cause a denial of service a message with an empty tag.
- CVE-2004-2390Dec 31, 2004risk 0.00cvss —epss 0.01
The roster import functionality in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8, when using libgadu 1.0 and later, allows attackers to cause a denial of service via unknown vectors.
- CVE-2004-2389Dec 31, 2004risk 0.00cvss —epss 0.02
Unknown vulnerability in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8 allows remote attackers to cause a denial of service (infinite loop) via user re-registration.
- CVE-2004-1378Sep 21, 2004risk 0.00cvss —epss 0.02
The expat XML parser code, as used in the open source Jabber (jabberd) 1.4.3 and earlier, jadc2s 0.9.0 and earlier, and possibly other packages, allows remote attackers to cause a denial of service (application crash) via a malformed packet to a socket that accepts XML…