23 matches found

OSV
added 3 days ago, 2 views

UBUNTU-CVE-2026-57963

An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...

CVSS 6.5 | AI score 5.9 | EPSS 0.00193
Exploits 0 | References 5

OSV
added 2023/09/15 3:15 a.m., 4 views

CVE-2022-20917

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling ...

CVSS 4.3 | AI score 5.8 | EPSS 0.00887
Exploits 0 | References 1

SUSE CVE
added 2023/02/15 5:43 a.m., 3 views

SUSE CVE-2012-5976

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial o...

CVSS 5 | AI score 6.7 | EPSS 0.03032
Exploits 0 | References 3

SUSE CVE
added 2023/02/15 4:49 a.m., 3 views

SUSE CVE-2017-5591

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and...

CVSS 5.9 | AI score 6.6 | EPSS 0.01263
Exploits 2 | References 4

SUSE CVE
added 2023/02/15 4:11 a.m., 5 views

SUSE CVE-2019-12855

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections...

CVSS 6.5 | AI score 6.9 | EPSS 0.01817
Exploits 0 | References 7

OSV
added 2022/03/18 5:15 a.m., 2 views

CVE-2021-45968

An issue was discovered in xmppserver jar in the XMPP Server component of the Jive platform, as used in Pascom Cloud Phone System before 7.20.x and in other products. An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394...

CVSS 7.5 | AI score 7.4 | EPSS 0.10666
Exploits 1 | References 5

CNNVD
added 2021/06/16 12:00 a.m., 4 views

Cisco Jabber Input Validation Error Vulnerability

Cisco Jabber is a set of unified communications client solutions from the US company Cisco. The solution provides online status display, instant messaging, voice, and other features. Cisco Jabber suffers from an input validation error vulnerability that originates as a result of...

CVSS 6.5 | AI score 6.9 | EPSS 0.00796
Exploits 0 | References 4

CNNVD
added 2021/05/13 12:00 a.m., 5 views

Prosodical Thoughts Prosody Authorization Issue Vulnerability

Prosody is an open source application from Prosodical Thoughts, a modern XMPP communication server. A security vulnerability exists in Prosody prior to version 0.11.9. A remote attacker could exploit the vulnerability to use the server's bandwidth indefinitely...

CVSS 5.3 | AI score 5.7 | EPSS 0.02169
Exploits 0 | References 16

BDU FSTEC
added 2021/03/30 12:00 a.m., 7 views

The vulnerability of the Cisco Jabber for Windows software platform, related to insufficient validation of input data, allows a perpetrator to trigger a service failure state.

The vulnerability of the Cisco Jabber for Windows software platform is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to trigger a service failure by sending specially crafted XMPP messages...

CVSS 9.9 | AI score 7.1 | EPSS 0.00941
Exploits 0 | References 3 | Affected Software 3

CNVD
added 2020/02/20 12:00 a.m., 3 views

Cisco Meeting Server XMPP Denial of Service Vulnerability

Cisco Meeting Server is a video conferencing solution from Cisco that combines place-based video, audio, and Web communications to meet the collaboration needs of the modern workplace. A denial of service vulnerability exists in the Extensible Messaging and Status Protocol (XMPP) feature in Cisco...

CVSS 5.3 | AI score 6.6 | EPSS 0.01244
Exploits 0 | References 1

PyPA
added 2019/06/16 12:29 p.m., 6 views

PYSEC-2019-129

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections...

CVSS 7.4 | AI score 6.9 | EPSS 0.01817
Exploits 0 | References 9 | Affected Software 1

OSV
added 2018/01/11 9:29 p.m., 7 views

ALPINE-CVE-2018-5336

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth...

CVSS 7.5 | AI score 6.8 | EPSS 0.02692
Exploits 0 | References 1

RedHat Linux
added 2017/08/01 2:23 p.m., 3 views

pidgin: remote information leak via crafted XMPP message

An information disclosure flaw was discovered in the way Pidgin parsed XMPP messages. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to disclose a portion of memory belonging to the Pidgin process by sending a specially crafted XMPP message...

CVSS 5 | AI score 6.1 | EPSS 0.03776
Exploits 0 | References 4

OSV
added 2017/07/04 12:29 a.m., 4 views

CVE-2017-6722

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affect...

CVSS 6.1 | AI score 5.8 | EPSS 0.01154
Exploits 0 | References 3

CNVD
added 2017/06/29 12:00 a.m., 4 views

Cisco Unified Contact Center Express Security Bypass Vulnerability

Cisco Unified Contact Center Express is a single-server, integrated contact center for formal and informal contact centers. A security bypass vulnerability exists in the Extensible Messaging and Presence Protocol (XMPP) service for Cisco Unified Contact Center Express (UCCx), which can be exploited b...

CVSS 6.1 | AI score 7 | EPSS 0.01154
Exploits 0 | References 1

CNVD
added 2017/02/13 12:00 a.m., 3 views

Yaxim and Bruno User Simulation Vulnerabilities

yaxim and Bruno are both products of Georg Lukas. yaxim (Yet Another XMPP Instant Messenger) is an open source (GPLv2) XMPP client with a clean user interface. Bruno is the best Jabber / XMPP Instant Messaging (IM) application. A use...

CVSS 5.9 | AI score 6 | EPSS 0.00679
Exploits 2 | References 1

OSV
added 2017/02/09 8:59 p.m., 3 views

CVE-2017-5593

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Psi+ 0.16.563.580 -...

CVSS 5.9 | AI score 5.8 | EPSS 0.00679
Exploits 3 | References 5

OSV
added 2017/02/09 8:59 p.m., 15 views

UBUNTU-CVE-2017-5591

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and...

CVSS 5.9 | AI score 6.5 | EPSS 0.01263
Exploits 3 | References 6

Tenable Nessus
added 2016/01/05 12:00 a.m., 1435 views

XMPP Cleartext Authentication

The remote Extensible Messaging and Presence Protocol (XMPP) service supports one or more authentication mechanisms that allow credentials to be sent in the clear. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid87736; scriptversion"$Revision: 1.1 $"; scriptcvsdate"$Date...

AI score 5.5
Exploits 0

OSV
added 2014/04/11 1:55 a.m., 1 views

DEBIAN-CVE-2014-2744

plugins/modcompression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an...

CVSS 7.8 | AI score 6.4 | EPSS 0.03313
Exploits 2 | References 1