Lucene search
K

1099 matches found

CNNVD
CNNVD
added 2024/09/25 12:0 a.m.3 views

Xmpp 安全漏洞

Xmpp is a set of Xmpp-related libraries and tools for Go open-sourced by the Mellium Co-op. A security vulnerability exists in Xmpp versions 0.0.1 through 0.21.4 that stems from an unchecked section type, which allows response spoofing...

9.8CVSS6.5AI score0.00612EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/09/24 12:0 a.m.13 views

CVE-2024-46957

Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0...

9.3AI score0.00612EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/24 12:0 a.m.25 views

CVE-2024-46957

Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0...

0.00612EPSS
Exploits0References2
CVE
CVE
added 2024/09/24 12:0 a.m.41 views

CVE-2024-46957

Summary: Mellium mellium.im/xmpp versions 0.0.1 through 0.21.4 are vulnerable to response spoofing because the stanza type is not checked when IDs are predictable. This can enable an attacker to spoof responses and may lead to compromise. The issue is fixed in version 0.22.0. Affected software: M...

9.8CVSS9.3AI score0.00612EPSS
Exploits0References2
OSV
OSV
added 2024/08/20 2:15 p.m.14 views

CVE-2024-39094

Friendica 2024.03 is vulnerable to Cross Site Scripting XSS in settings/profile via the homepage, xmpp, and matrix parameters...

5.4CVSS6AI score
Exploits0References3
Cvelist
Cvelist
added 2024/08/20 12:0 a.m.31 views

CVE-2024-39094

Friendica 2024.03 is vulnerable to Cross Site Scripting XSS in settings/profile via the homepage, xmpp, and matrix parameters...

0.00323EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/08/20 12:0 a.m.9 views

PT-2024-28348 · Friendica · Friendica

Name of the Vulnerable Software and Affected Versions: Friendica version 2024.03 Description: The issue is related to Cross Site Scripting XSS in the settings/profile section via the homepage, xmpp, and matrix parameters. This allows for potential malicious script execution. Recommendations: For...

5.4CVSS5.8AI score0.00323EPSS
Exploits1References8
CVE
CVE
added 2024/08/20 12:0 a.m.55 views

CVE-2024-39094

Friendica 2024.03 is affected by a Cross‑Site Scripting (XSS) vulnerability in the settings/profile area accessible via the homepage, xmpp, and matrix parameters. The issue targets the settings/profile component and is exploited through crafted input in those parameters, with details indicating u...

5.4CVSS5.8AI score0.00323EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/20 12:0 a.m.11 views

CVE-2024-39094

Friendica 2024.03 is vulnerable to Cross Site Scripting XSS in settings/profile via the homepage, xmpp, and matrix parameters...

6AI score0.00323EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.28 views

RHEL 7 : python-twisted (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-twisted: XMPP support in words.protocols.jabber.xmlstream in Twisted does not verify certificates allowing f...

7.4CVSS7.5AI score0.01817EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/22 12:0 a.m.36 views

FreeBSD : Openfire administration console authentication bypass (9bcff2c4-1779-11ef-b489-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9bcff2c4-1779-11ef-b489-b42e991fc52e advisory. - Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative...

8.6CVSS8AI score0.99999EPSS
Exploits15References3
Veracode
Veracode
added 2024/03/28 5:38 a.m.16 views

Improper Privilege Management

org.igniterealtime.openfire:xmppserver is vulnerable to Improper Privilege Management. The vulnerability is caused by the lack of proper validation of user privileges when a user account is deleted and subsequently recreated with the same username. This allows an attacker to exploit the system an...

7.2CVSS6.9AI score0.0165EPSS
Exploits2References5Affected Software1
The Hacker News
The Hacker News
added 2024/03/08 1:14 p.m.31 views

Meta Details WhatsApp and Messenger Interoperability to Comply with EU's DMA Regulations

Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act DMA went into effect in the European Union. "This allows users of third-party providers who choose to enable interoperability interop t...

6.9AI score
Exploits0
GithubExploit
GithubExploit
added 2023/12/15 4:30 p.m.477 views

Exploit for Path Traversal in Igniterealtime Openfire

CVE-2023-32315 - Openfire Authentication Bypass This reposito...

8.6CVSS8.5AI score0.99999EPSS
Exploits15
The Hacker News
The Hacker News
added 2023/10/28 7:20 a.m.56 views

Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service

New findings have shed light on what's said to be a lawful attempt to covertly intercept traffic originating from jabber.ru aka xmpp.ru, an XMPP-based instant messaging service, via servers hosted on Hetzner and Linode a subsidiary of Akamai in Germany. "The attacker has issued several new TLS...

5.5CVSS7.3AI score0.00717EPSS
Exploits1
Schneier on Security
Schneier on Security
added 2023/10/27 11:1 a.m.19 views

Messaging Service Wiretap Discovered through Expired TLS Cert

Fascinating story of a covert wiretap that was discovered because of an expired TLS certificate: The suspected man-in-the-middle attack was identified when the administrator of jabber.ru, the largest Russian XMPP service, received a notification that one of the servers’ certificates had expired...

6.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/10/16 12:0 a.m.14 views

Ubuntu 18.04 ESM : Prosody vulnerability (USN-4834-1)

The remote Ubuntu 18.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4834-1 advisory. It was discovered that Prosody incorrectly validated the virtual host associated with a user session across stream restarts. A remote attacker could use this issu...

8.8CVSS6.6AI score0.01657EPSS
Exploits0References2
NVD
NVD
added 2023/09/15 3:15 a.m.23 views

CVE-2022-20917

A vulnerability in the Extensible Messaging and Presence Protocol XMPP message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling ...

4.3CVSS4.6AI score0.00887EPSS
Exploits0References1
Prion
Prion
added 2023/09/15 3:15 a.m.25 views

Design/Logic Flaw

A vulnerability in the Extensible Messaging and Presence Protocol XMPP message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling ...

4CVSS4.7AI score0.00887EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/15 2:12 a.m.16 views

CVE-2022-20917

A vulnerability in the Extensible Messaging and Presence Protocol XMPP message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling ...

4.3CVSS6.8AI score0.00887EPSS
Exploits0References1
Rows per page
Query Builder