SUSE CVE-2017-5591

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and...

SUSE CVE-2019-12855

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections...

CVE-2021-45968

An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x and in other products. An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394...

Prosodical Thoughts Prosody 授权问题漏洞

Prosodical Thoughts Prosody is a Prosodical Thoughts open source application . A modern XMPP communication server. A security vulnerability exists in Prosody prior to version 0.11.9. A remote attacker could exploit the vulnerability to use the server's bandwidth indefinitely...

ALPINE-CVE-2018-5336

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth...

pidgin: remote information leak via crafted XMPP message

An information disclosure flaw was discovered in the way Pidgin parsed XMPP messages. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to disclose a portion of memory belonging to the Pidgin process by sending a specially crafted XMPP message...

CVE-2017-6722

A vulnerability in the Extensible Messaging and Presence Protocol XMPP service of Cisco Unified Contact Center Express UCCx could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affect...

Cisco Unified Contact Center Express Security Bypass Vulnerability

Cisco Unified Contact Center Express is a single-server, integrated contact center for formal and informal contact centers. A security bypass vulnerability exists in the Extensible Messaging and Presence Protocol XMPP service for Cisco Unified Contact Center Express UCCx, which can be exploited b...

CVE-2017-5593

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Psi+ 0.16.563.580 -...

UBUNTU-CVE-2017-5591

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and...

DEBIAN-CVE-2014-2744

plugins/modcompression.lua in 1 Prosody before 0.9.4 and 2 Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service resource consumption via compressed XML elements in an XMPP stream, aka an...

pidgin PurpleCircBuffer corruption

The PurpleCircBuffer implementation in Pidgin formerly Gaim before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service memory corruption and application crash via vectors involving the 1 XMPP or 2 Sametime protocol...