Ejabberd@1.1.1.1 Security Vulnerabilities and Issues — Ejabberd@1.1.1.1 CVE List

Lucene search

Process-oneEjabberd1.1.1.1

4 matches found

CVE•added 2010/02/03 7:30 p.m.•60 views

CVE-2010-0305

ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload.

5CVSS6.3AI score0.0188EPSS

CVE•added 2009/03/18 2:0 a.m.•58 views

CVE-2009-0934

Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.

4.3CVSS5.4AI score0.00721EPSS

CVE•added 2011/06/21 2:52 a.m.•53 views

CVE-2011-1753

expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nest...

5CVSS6.8AI score0.01937EPSS

CVE•added 2013/10/17 11:55 p.m.•36 views

CVE-2013-6169

The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack.

4.3CVSS5.9AI score0.00443EPSS