EUVD-2019-0130

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2019-1000021

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin Persistent Storage ...

FreeBSD : slixmpp -- improper access control (526d9642-3ae7-11e9-a669-8c164582fbac)

NVD reports : slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin Persistent Storage of Private Data via PubSub options profile, used for the configuration of default access model that can result in all of th...

Access Control Bypass

slixmpp is vulnerable to access control bypass. The vulnerability exists because the default permissions for persistent storage of private data on a PEP node is not set properly, disclosing private data that have been published to a PEP node to all the contacts of the victim...

CVE-2019-1000021

slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin Persistent Storage of Private Data via PubSub options profile, used for the configuration of default access model that can result in all of the contacts of...

PYSEC-2019-121

slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin Persistent Storage of Private Data via PubSub options profile, used for the configuration of default access model that can result in all of the contacts of...

PYSEC-2019-51

slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin Persistent Storage of Private Data via PubSub options profile, used for the configuration of default access model that can result in all of the contacts of...

PYSEC-2019-121

slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin Persistent Storage of Private Data via PubSub options profile, used for the configuration of default access model that can result in all of the contacts of...

CVE-2019-1000021

CVE-2019-1000021 affects the Python XMPP library slixmpp, specifically the XEP-0223 plugin (Persistent Storage of Private Data via PubSub). Affected versions are before commit 7cd73b594e8122dddf847953fcfc85ab4d316416, where an incorrect Access Control configuration could allow private data publis...