Vulmon
jabberd2 jabberd2 vulnerabilities and exploits
409
VMScore
CVE-2017-18225
The Gentoo net-im/jabberd2 package up to and including 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then wait...
Jabberd2 Jabberd2
187
VMScore
CVE-2017-18226
The Gentoo net-im/jabberd2 package up to and including 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "...
Jabberd2 Jabberd2
668
VMScore
CVE-2017-10807
JabberD 2.x (aka jabberd2) prior to 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.
Jabberd2 Jabberd2
668
VMScore
CVE-2015-2059
The stringprep_utf8_to_ucs4 function in libidn prior to 1.31, as used in jabberd2, allows context-dependent malicious users to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
Gnu Libidn
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Fedoraproject Fedora 21
Fedoraproject Fedora 22
578
VMScore
CVE-2015-2058
c2s/c2s.c in Jabber Open Source Server 2.3.2 and previous versions truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID.
Jabberd2 Jabberd2
516
VMScore
CVE-2012-3525
s2s/out.c in jabberd2 2.2.16 and previous versions does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.
Jabberd2 Jabberd2 2.1.2
Jabberd2 Jabberd2 2.1.9
Jabberd2 Jabberd2 2.1.23
Jabberd2 Jabberd2 2.2.7.1
Jabberd2 Jabberd2 2.1.1
Jabberd2 Jabberd2 2.1.5
Jabberd2 Jabberd2 2.2.10
Jabberd2 Jabberd2 2.2.0
Jabberd2 Jabberd2 2.1.8
Jabberd2 Jabberd2 2.2.2
Jabberd2 Jabberd2 2.1.12
Jabberd2 Jabberd2 2.2.8
Jabberd2 Jabberd2 2.1.18
Jabberd2 Jabberd2 2.1.22
Jabberd2 Jabberd2
Jabberd2 Jabberd2 2.2.7
Jabberd2 Jabberd2 2.2.5
Jabberd2 Jabberd2 2.2.13
Jabberd2 Jabberd2 2.1.10
Jabberd2 Jabberd2 2.1
Jabberd2 Jabberd2 2.1.15
Jabberd2 Jabberd2 2.2.15
445
VMScore
CVE-2011-1755
jabberd2 prior to 2.2.14 does not properly detect recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to ...
Jabberd2 Jabberd2
Fedoraproject Fedora 13
Fedoraproject Fedora 15
Fedoraproject Fedora 14
Apple Mac Os X Server
Apple Mac Os X