CVE-2022-20917

A vulnerability in the Extensible Messaging and Presence Protocol XMPP message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling ...

SUSE CVE-2012-5976

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial o...

What is XMPP ❓ — Extensible Messaging & Presence Protocol

What is XMPP ❓ — Extensible Messaging & Presence Protocol Introduction In the early 2000s, when the idea of chat applications was shaping, XMPP was allowing developers to construct interactive chat applications. Since its genesis, this protocol has come a long way and is now included in the tech...

PYSEC-2019-129

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections...

Yaxim and Bruno User Simulation Vulnerabilities

yaxim and Bruno are both products of Georg Lukas. yaxim Yet Another XMPP Instant Messenger is an XMPP client with a clean user interface and open source GPLv2. Bruno is the best Jabber / XMPP Instant Messaging IM application. Bruno is the best Jabber / XMPP Instant Messaging IM application. A use...

XMPP Cleartext Authentication

The remote Extensible Messaging and Presence Protocol XMPP service supports one or more authentication mechanisms that allow credentials to be sent in the clear. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid87736; scriptversion"$Revision: 1.1 $"; scriptcvsdate"$Date...

Cisco Unified Presence XMPP Denial of Service Vulnerability

The XML parser of Cisco Unified Presence contains a vulnerability that could allow an authenticated, remote attacker to trigger a crash of the jabberd process, causing a denial of service condition. The vulnerability is due to insufficient validation of crafted XML in Extensible Messaging and...

DEBIAN-CVE-2012-5976

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial o...

DEBIAN-CVE-2009-1375

The PurpleCircBuffer implementation in Pidgin formerly Gaim before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service memory corruption and application crash via vectors involving the 1 XMPP or 2 Sametime protocol...