CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...

7.8CVSS6.9AI score0.005EPSS

Exploits1References1

Github Security Blog•added 2022/05/17 4:47 a.m.•19 views

Erlang Solutions MongooseIM vulnerable to denial of service (DoS) via crafted XMPP stream

7.8CVSS6.1AI score0.005EPSS

Exploits1References4Affected Software1

OSV•added 2022/05/17 4:47 a.m.•24 views

GHSA-5V5W-44W6-Q5HV Erlang Solutions MongooseIM vulnerable to denial of service (DoS) via crafted XMPP stream

8.7CVSS6.4AI score0.005EPSS

Exploits1References4

OPENSUSE Linux•added 2018/06/09 3:11 p.m.•109 views

Security update for prosody (moderate)

This update for prosody fixes the following issues: This security issue was fixed: - CVE-2018-10847: Prevent insufficient validation of client-provided parameters during XMPP stream restarts. Authenticated users may have overriden the realm associated with their session, potentially bypassing...

5AI score0.00264EPSS

Exploits0References1

NVD•added 2014/04/11 1:55 a.m.•5 views

CVE-2014-2829

7.8CVSS6.5AI score0.005EPSS

Exploits1References2

NVD•added 2014/04/11 1:55 a.m.•6 views

CVE-2014-2743

plugins/modcompression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...

7.8CVSS6.5AI score0.00753EPSS

Exploits1References4

NVD•added 2014/04/11 1:55 a.m.•9 views

CVE-2014-2742

Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...

7.8CVSS6.6AI score0.00693EPSS

Exploits0References3

NVD•added 2014/04/11 1:55 a.m.•9 views

CVE-2014-2741

nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...

7.8CVSS6.2AI score0.03204EPSS

Exploits0References6

Prion•added 2014/04/11 1:55 a.m.•16 views

Design/Logic Flaw

7.8CVSS6.9AI score0.03204EPSS

Exploits0References6Affected Software1

UbuntuCve•added 2014/04/11 1:55 a.m.•20 views

CVE-2014-2744

plugins/modcompression.lua in 1 Prosody before 0.9.4 and 2 Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service resource consumption via compressed XML elements in an XMPP stream, aka an...

7.8CVSS5.9AI score0.02179EPSS

Exploits2References2

Prion•added 2014/04/11 1:55 a.m.•10 views

Code injection

net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...

7.8CVSS7.1AI score0.02877EPSS

Exploits0References6Affected Software1

UbuntuCve•added 2014/04/11 1:55 a.m.•13 views

CVE-2014-2745

Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack, related to core/portmanager.lua and util/xmppstream.lua...

7.8CVSS5.9AI score0.02179EPSS

Exploits1References3

Prion•added 2014/04/11 1:55 a.m.•8 views

Design/Logic Flaw

7.8CVSS6.6AI score0.02179EPSS

Exploits1References8Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by