Lucene search
K

16 matches found

Tenable Nessus
Tenable Nessus
added 2023/10/16 12:0 a.m.14 views

Ubuntu 18.04 ESM : Prosody vulnerability (USN-4834-1)

The remote Ubuntu 18.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4834-1 advisory. It was discovered that Prosody incorrectly validated the virtual host associated with a user session across stream restarts. A remote attacker could use this issu...

8.8CVSS6.6AI score0.01657EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/03/27 12:0 a.m.23 views

openSUSE Security Update : prosody (openSUSE-2019-414)

This update for prosody to version 0.10.2 fixes the following issues : This security issue was fixed : - CVE-2018-10847: Prevent insufficient validation of client-provided parameters during XMPP stream restarts. Authenticated users may have overriden the realm associated with their session,...

8.8CVSS6.7AI score0.01657EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.14 views

Fedora 28 : prosody (2018-18f8c6ce79)

Prosody 0.10.2 ============== See upstream's blog post at https://blog.prosody.im/prosody-0-10-2-security-release/ for a full overview of the release changes. Prosody 0.10.2 fixes a cross-host authentication vulnerability, CVE-2018-10847. The issue affects Prosody instances that have multiple...

8.8CVSS6.7AI score0.01657EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2018/10/26 12:0 a.m.12 views

openSUSE: Security Advisory for prosody (openSUSE-SU-2018:1632-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS8.8AI score0.01657EPSS
Exploits0References2
OSV
OSV
added 2018/07/30 5:29 p.m.9 views

CVE-2018-10847

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of...

8.8CVSS8.5AI score0.01657EPSS
Exploits0References5
CVE
CVE
added 2018/07/30 4:0 p.m.119 views

CVE-2018-10847

Prosody vulnerability CVE-2018-10847 affects Prosody < 0.10.2 and

8.8CVSS8.3AI score0.01657EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/06/12 12:0 a.m.19 views

openSUSE Security Update : prosody (openSUSE-2018-597)

This update for prosody fixes the following issues : This security issue was fixed : - CVE-2018-10847: Prevent insufficient validation of client-provided parameters during XMPP stream restarts. Authenticated users may have overriden the realm associated with their session, potentially bypassing...

8.8CVSS6.5AI score0.01657EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/06/11 12:0 a.m.19 views

openSUSE Security Update : prosody (openSUSE-2018-596)

This update for prosody to version 0.10.2 fixes the following issues : This security issue was fixed : - CVE-2018-10847: Prevent insufficient validation of client-provided parameters during XMPP stream restarts. Authenticated users may have overriden the realm associated with their session,...

8.8CVSS6.7AI score0.01657EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2018/06/10 12:0 a.m.16 views

openSUSE: Security Advisory for prosody (openSUSE-SU-2018:1627-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS8.8AI score0.01657EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2018/06/10 12:0 a.m.24 views

Fedora Update for prosody FEDORA-2018-455803056d

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.7AI score0.01657EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2018/06/10 12:0 a.m.17 views

Fedora Update for prosody FEDORA-2018-18f8c6ce79

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.7AI score0.01657EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2018/06/09 3:13 p.m.112 views

Security update for prosody (moderate)

This update for prosody to version 0.10.2 fixes the following issues: This security issue was fixed: - CVE-2018-10847: Prevent insufficient validation of client-provided parameters during XMPP stream restarts. Authenticated users may have overriden the realm associated with their session,...

3.5AI score0.01657EPSS
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2018/06/09 3:11 p.m.112 views

Security update for prosody (moderate)

This update for prosody fixes the following issues: This security issue was fixed: - CVE-2018-10847: Prevent insufficient validation of client-provided parameters during XMPP stream restarts. Authenticated users may have overriden the realm associated with their session, potentially bypassing...

5AI score0.01657EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/06/05 12:0 a.m.26 views

Debian DSA-4216-1 : prosody - security update

It was discovered that Prosody, a lightweight Jabber/XMPP server, does not properly validate client-provided parameters during XMPP stream restarts, allowing authenticated users to override the realm associated with their session, potentially bypassing security policies and allowing impersonation...

8.8CVSS6.4AI score0.01657EPSS
Exploits0References7
Debian
Debian
added 2018/06/02 6:56 p.m.15 views

[SECURITY] [DSA 4216-1] prosody security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4216-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 02, 2018 https://www.debian.org/security/faq -...

6.5CVSS2.3AI score0.01657EPSS
Exploits0
Debian
Debian
added 2018/06/02 6:56 p.m.20 views

[SECURITY] [DSA 4216-1] prosody security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4216-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 02, 2018 https://www.debian.org/security/faq -...

8.8CVSS6.3AI score0.01657EPSS
Exploits0
Rows per page
Query Builder