154 matches found
Debian DSA-4108-1 : mailman - security update
Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed to a list with a private roster. C Tenable Network...
Debian: Security Advisory (DSA-4108-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : python3-sleekxmpp (openSUSE-2017-137)
This update for python3-sleekxmpp fixes the following issues : - Check the origin of roster pushes 2015-8688, 2016-9928, boo1014976. Also see https://gultsch.de/gajimrosterpushandmessageinterce ption.html - An error in legacyauth support was fixed %NASLMINLEVEL 70300 C Tenable Network Security,...
11827.digitalsports.com XSS vulnerability
Vulnerable URL: http://11827.digitalsports.com/pages/roster/?levelid=2'"--!...
MGASA-2016-0433 Updated mcabber packages fix security vulnerability
It was discovered that there was a "roster push attack" vulnerability in mcabber, a console-based Jabber XMPP client. A remote attacker can modify the roster and intercept messages via a crafted roster-push IQ stanza CVE-2016-9928...
Updated mcabber packages fix security vulnerability
It was discovered that there was a "roster push attack" vulnerability in mcabber, a console-based Jabber XMPP client. A remote attacker can modify the roster and intercept messages via a crafted roster-push IQ stanza CVE-2016-9928...
[slackware-security] mcabber
New mcabber packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/loudmouth-1.5.3-i586-1slack14.2.txz: Upgraded. This update is needed for the mcabber security update...
[SECURITY] [DLA 724-1] mcabber security update
Package : mcabber Version : 0.10.1-3+deb7u1 Debian Bug : 845258 It was discovered that there was a "roster push attack" 0 in mcabber, a console-based Jabber XMPP client. For Debian 7 "Wheezy", this issue has been fixed in mcabber version 0.10.1-3+deb7u1. We recommend that you upgrade your mcabber...
DLA-724-1 mcabber - security update
Bulletin has no description...
CVE-2016-1844
The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors...
CVE-2016-1844
The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors...
Design/Logic Flaw
The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors...
CVE-2016-1844
The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors...
CVE-2016-1844
CVE-2016-1844 affects OS X El Capitan (Messages) where a validation issue in roster changes could allow a remote attacker to modify another user’s contact list. Apple’s security content (HT206567) indicates this CVE is addressed in OS X El Capitan v10.11.5 and Security Update 2016-003, implying a...
Roster-Calendar - Apache license, BSD license, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Roster-Calendar published at the 'play' market has multiple vulnerabilities...
Debian: Security Advisory (DSA-3492-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 3492-1] gajim security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3492-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez February 25, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 413-1] gajim security update
Package : gajim Version : 0.13.4-3+squeeze4 CVE ID : CVE-2015-8688 Debian Bug : 809900 Affected versions of gajim allow remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza. This has been fixed in squeeze-lts by version 0.13.4-3+squeeze4. - -- Brian May...
Debian DLA-413-1 : gajim security update
Affected versions of gajim allow remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza. This has been fixed in squeeze-lts by version 0.13.4-3+squeeze4. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA...
DLA-413-1 gajim - security update
Bulletin has no description...