Vulmon
jabberd2 jabberd2 vulnerabilities and exploits
4.6
CVSSv2
CVE-2017-18225
The Gentoo net-im/jabberd2 package up to and including 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then wait...
Jabberd2 Jabberd2
2.1
CVSSv2
CVE-2017-18226
The Gentoo net-im/jabberd2 package up to and including 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "...
Jabberd2 Jabberd2
7.5
CVSSv2
CVE-2017-10807
JabberD 2.x (aka jabberd2) prior to 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.
Jabberd2 Jabberd2
6.5
CVSSv2
CVE-2015-2058
c2s/c2s.c in Jabber Open Source Server 2.3.2 and previous versions truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID.
Jabberd2 Jabberd2
7.5
CVSSv2
CVE-2015-2059
The stringprep_utf8_to_ucs4 function in libidn prior to 1.31, as used in jabberd2, allows context-dependent malicious users to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
Gnu Libidn
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Fedoraproject Fedora 21
Fedoraproject Fedora 22
5.8
CVSSv2
CVE-2012-3525
s2s/out.c in jabberd2 2.2.16 and previous versions does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.
Jabberd2 Jabberd2 2.1.2
Jabberd2 Jabberd2 2.1.9
Jabberd2 Jabberd2 2.1.23
Jabberd2 Jabberd2 2.2.7.1
Jabberd2 Jabberd2 2.1.1
Jabberd2 Jabberd2 2.1.5
Jabberd2 Jabberd2 2.2.10
Jabberd2 Jabberd2 2.2.0
Jabberd2 Jabberd2 2.1.8
Jabberd2 Jabberd2 2.2.2
Jabberd2 Jabberd2 2.1.12
Jabberd2 Jabberd2 2.2.8
Jabberd2 Jabberd2 2.1.18
Jabberd2 Jabberd2 2.1.22
Jabberd2 Jabberd2
Jabberd2 Jabberd2 2.2.7
Jabberd2 Jabberd2 2.2.5
Jabberd2 Jabberd2 2.2.13
Jabberd2 Jabberd2 2.1.10
Jabberd2 Jabberd2 2.1
Jabberd2 Jabberd2 2.1.15
Jabberd2 Jabberd2 2.2.15
5
CVSSv2
CVE-2011-1755
jabberd2 prior to 2.2.14 does not properly detect recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to ...
Jabberd2 Jabberd2
Fedoraproject Fedora 13
Fedoraproject Fedora 15
Fedoraproject Fedora 14
Apple Mac Os X Server
Apple Mac Os X