Ejabberd Security Vulnerabilities and Issues — Ejabberd CVE List

Lucene search

Process-oneEjabberd

3 matches found

CVE•added 2010/02/03 7:30 p.m.•60 views

CVE-2010-0305

ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload.

5CVSS6.3AI score0.0188EPSS

CVE•added 2011/06/21 2:52 a.m.•53 views

CVE-2011-1753

expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nest...

5CVSS6.8AI score0.01937EPSS

CVE•added 2014/10/25 12:55 a.m.•31 views

CVE-2014-8760

ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption.

5CVSS6.3AI score0.00264EPSS