5
CVSSv2

CVE-2019-16236

Published: 11/09/2019 Updated: 14/09/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Dino prior to 2019-09-10 does not check roster push authorization in module/roster/module.vala.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

dino dino

canonical ubuntu linux 18.04

fedoraproject fedora 29

fedoraproject fedora 30

fedoraproject fedora 31

debian debian linux 10.0

Vendor Advisories

Several security issues were fixed in dino-im ...
Multiple vulnerabilities have been discovered in the Dino XMPP client, which could allow spoofing message, manipulation of a user's roster (contact list) and unauthorised sending of message carbons For the stable distribution (buster), these problems have been fixed in version 00git20181129-1+deb10u1 We recommend that you upgrade your dino-im p ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4524-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff September 16, 2019 wwwdebianorg/security/faq ...
Three CVEs have been identified and fixed in Dino CVE-2019-16235 ============== Dino did not properly check the source of message carbons nvdnistgov/vuln/detail/CVE-2019-16235 Fixed in githubcom/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc549c930 CVE-2019-16236 ========== Dino did not check roster push authorizatio ...