Vulnerabilities related to gajim - gajim
CVE-2016-10376 (GCVE-0-2016-10376)
Vulnerability from cvelistv5
Published
2017-05-28 00:00
Modified
2024-08-06 03:21
CWE
- n/a
Summary
Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.
References
URL | Tags | |
---|---|---|
https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc | x_refsource_MISC | |
https://mail.jabber.org/pipermail/standards/2016-August/031335.html | x_refsource_MISC | |
https://security.gentoo.org/glsa/201707-14 | vendor-advisory, x_refsource_GENTOO | |
http://www.debian.org/security/2017/dsa-3943 | vendor-advisory, x_refsource_DEBIAN | |
https://dev.gajim.org/gajim/gajim/issues/8378 | x_refsource_MISC | |
https://bugs.debian.org/863445 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:21:51.706Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://mail.jabber.org/pipermail/standards/2016-August/031335.html" }, { "name": "GLSA-201707-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201707-14" }, { "name": "DSA-3943", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3943" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://dev.gajim.org/gajim/gajim/issues/8378" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.debian.org/863445" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Gajim through 0.16.7 unconditionally implements the \"XEP-0146: Remote Controlling Clients\" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-05T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc" }, { "tags": [ "x_refsource_MISC" ], "url": "https://mail.jabber.org/pipermail/standards/2016-August/031335.html" }, { "name": "GLSA-201707-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201707-14" }, { "name": "DSA-3943", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3943" }, { "tags": [ "x_refsource_MISC" ], "url": "https://dev.gajim.org/gajim/gajim/issues/8378" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.debian.org/863445" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10376", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Gajim through 0.16.7 unconditionally implements the \"XEP-0146: Remote Controlling Clients\" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc", "refsource": "MISC", "url": "https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc" }, { "name": "https://mail.jabber.org/pipermail/standards/2016-August/031335.html", "refsource": "MISC", "url": "https://mail.jabber.org/pipermail/standards/2016-August/031335.html" }, { "name": "GLSA-201707-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201707-14" }, { "name": "DSA-3943", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3943" }, { "name": "https://dev.gajim.org/gajim/gajim/issues/8378", "refsource": "MISC", "url": "https://dev.gajim.org/gajim/gajim/issues/8378" }, { "name": "https://bugs.debian.org/863445", "refsource": "MISC", "url": "https://bugs.debian.org/863445" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10376", "datePublished": "2017-05-28T00:00:00", "dateReserved": "2017-05-27T00:00:00", "dateUpdated": "2024-08-06T03:21:51.706Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2093 (GCVE-0-2012-2093)
Vulnerability from cvelistv5
Published
2012-05-18 22:00
Modified
2024-08-06 19:26
CWE
- n/a
Summary
src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:07.654Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120410 gajim insecure file creation when using latex", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/04/10/6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.gajim.org/gajim/rev/f046e4aaf7d4" }, { "name": "FEDORA-2012-6061", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.html" }, { "name": "53017", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53017" }, { "name": "48794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48794" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://trac.gajim.org/changeset/13759/src/common/latex.py" }, { "name": "GLSA-201208-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201208-04.xml" }, { "name": "gajim-gettmpfilename-symlink(74869)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74869" }, { "name": "48695", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48695" }, { "name": "FEDORA-2012-6161", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.html" }, { "name": "[oss-security] 20120410 RE: gajim insecure file creation when using latex", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/04/10/15" }, { 
"name": "FEDORA-2012-6001", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-10T00:00:00", "descriptions": [ { "lang": "en", "value": "src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20120410 gajim insecure file creation when using latex", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/04/10/6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.gajim.org/gajim/rev/f046e4aaf7d4" }, { "name": "FEDORA-2012-6061", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.html" }, { "name": "53017", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53017" }, { "name": "48794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48794" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://trac.gajim.org/changeset/13759/src/common/latex.py" }, { "name": "GLSA-201208-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201208-04.xml" }, { "name": "gajim-gettmpfilename-symlink(74869)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74869" }, { "name": 
"48695", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48695" }, { "name": "FEDORA-2012-6161", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.html" }, { "name": "[oss-security] 20120410 RE: gajim insecure file creation when using latex", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/04/10/15" }, { "name": "FEDORA-2012-6001", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2093", "datePublished": "2012-05-18T22:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:07.654Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2085 (GCVE-0-2012-2085)
Vulnerability from cvelistv5
Published
2012-08-28 16:00
Modified
2024-08-06 19:17
CWE
- n/a
Summary
The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/48794 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/48708 | third-party-advisory, x_refsource_SECUNIA | |
http://www.openwall.com/lists/oss-security/2012/04/08/1 | mailing-list, x_refsource_MLIST | |
http://security.gentoo.org/glsa/glsa-201208-04.xml | vendor-advisory, x_refsource_GENTOO | |
https://trac.gajim.org/ticket/7031 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/04/08/2 | mailing-list, x_refsource_MLIST | |
https://trac.gajim.org/changeset/bc296e96ac10 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/52943 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:17:27.938Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48794" }, { "name": "48708", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48708" }, { "name": "[oss-security] 20120408 CVE request: gajim - code execution and sql injection", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/04/08/1" }, { "name": "GLSA-201208-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201208-04.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://trac.gajim.org/ticket/7031" }, { "name": "[oss-security] 20120408 Re: CVE request: gajim - code execution and sql injection", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/04/08/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://trac.gajim.org/changeset/bc296e96ac10" }, { "name": "52943", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52943" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-11-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-01-04T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "48794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48794" }, { "name": "48708", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48708" }, { "name": "[oss-security] 20120408 CVE request: gajim - code execution and sql injection", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/04/08/1" }, { "name": "GLSA-201208-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201208-04.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://trac.gajim.org/ticket/7031" }, { "name": "[oss-security] 20120408 Re: CVE request: gajim - code execution and sql injection", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/04/08/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://trac.gajim.org/changeset/bc296e96ac10" }, { "name": "52943", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52943" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2085", "datePublished": "2012-08-28T16:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:17:27.938Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2086 (GCVE-0-2012-2086)
Vulnerability from cvelistv5
Published
2012-11-23 20:00
Modified
2024-08-06 19:17
CWE
- n/a
Summary
SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter (as worded in the CVE record; most likely a typo for jid, the Jabber ID passed to the function).
References
URL | Tags | |
---|---|---|
https://trac.gajim.org/changeset/988e38ce0e0c | x_refsource_CONFIRM | |
https://trac.gajim.org/ticket/7034 | x_refsource_CONFIRM | |
http://secunia.com/advisories/48794 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/48708 | third-party-advisory, x_refsource_SECUNIA | |
http://www.openwall.com/lists/oss-security/2012/04/08/1 | mailing-list, x_refsource_MLIST | |
http://security.gentoo.org/glsa/glsa-201208-04.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.openwall.com/lists/oss-security/2012/04/08/2 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/52943 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:17:27.820Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://trac.gajim.org/changeset/988e38ce0e0c" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://trac.gajim.org/ticket/7034" }, { "name": "48794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48794" }, { "name": "48708", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48708" }, { "name": "[oss-security] 20120408 CVE request: gajim - code execution and sql injection", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/04/08/1" }, { "name": "GLSA-201208-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201208-04.xml" }, { "name": "[oss-security] 20120408 Re: CVE request: gajim - code execution and sql injection", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/04/08/2" }, { "name": "52943", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52943" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-11-04T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-01-04T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://trac.gajim.org/changeset/988e38ce0e0c" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://trac.gajim.org/ticket/7034" }, { "name": "48794", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48794" }, { "name": "48708", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48708" }, { "name": "[oss-security] 20120408 CVE request: gajim - code execution and sql injection", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/04/08/1" }, { "name": "GLSA-201208-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201208-04.xml" }, { "name": "[oss-security] 20120408 Re: CVE request: gajim - code execution and sql injection", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/04/08/2" }, { "name": "52943", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52943" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2086", "datePublished": "2012-11-23T20:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:17:27.820Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-39835 (GCVE-0-2022-39835)
Vulnerability from cvelistv5
Published
2022-09-27 18:21
Modified
2025-05-21 15:24
CWE
- n/a
Summary
An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0.
References
URL | Tags | |
---|---|---|
https://dev.gajim.org/gajim/gajim/-/tags | x_refsource_MISC | |
https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:07:42.885Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://dev.gajim.org/gajim/gajim/-/tags" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-39835", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-21T15:24:52.503950Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-21T15:24:58.278Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-28T05:40:29.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://dev.gajim.org/gajim/gajim/-/tags" }, { "tags": [ "x_refsource_MISC" ], "url": "https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-39835", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://dev.gajim.org/gajim/gajim/-/tags", "refsource": "MISC", "url": "https://dev.gajim.org/gajim/gajim/-/tags" }, { "name": "https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog", "refsource": "MISC", "url": "https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-39835", "datePublished": "2022-09-27T18:21:13.000Z", "dateReserved": "2022-09-05T00:00:00.000Z", "dateUpdated": "2025-05-21T15:24:58.278Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8688 (GCVE-0-2015-8688)
Vulnerability from cvelistv5
Published
2016-01-15 19:00
Modified
2024-08-06 08:29
CWE
- n/a
Summary
Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.
References
URL | Tags | |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2016-01/msg00027.html | vendor-advisory, x_refsource_SUSE | |
http://www.debian.org/security/2016/dsa-3492 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175503.html | vendor-advisory, x_refsource_FEDORA | |
https://hg.gajim.org/gajim/file/gajim-0.16.5/ChangeLog | x_refsource_CONFIRM | |
http://gultsch.de/gajim_roster_push_and_message_interception.html | x_refsource_MISC | |
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175526.html | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:29:20.835Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2016:0102", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00027.html" }, { "name": "DSA-3492", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3492" }, { "name": "FEDORA-2016-c82e5c322c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175503.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://hg.gajim.org/gajim/file/gajim-0.16.5/ChangeLog" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://gultsch.de/gajim_roster_push_and_message_interception.html" }, { "name": "FEDORA-2016-838200213e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175526.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openSUSE-SU-2016:0102", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00027.html" }, { "name": "DSA-3492", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3492" }, { "name": "FEDORA-2016-c82e5c322c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175503.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://hg.gajim.org/gajim/file/gajim-0.16.5/ChangeLog" }, { "tags": [ "x_refsource_MISC" ], "url": "http://gultsch.de/gajim_roster_push_and_message_interception.html" }, { "name": "FEDORA-2016-838200213e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175526.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8688", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2016:0102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00027.html" }, { "name": "DSA-3492", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3492" }, { "name": "FEDORA-2016-c82e5c322c", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175503.html" }, { "name": "https://hg.gajim.org/gajim/file/gajim-0.16.5/ChangeLog", "refsource": "CONFIRM", "url": "https://hg.gajim.org/gajim/file/gajim-0.16.5/ChangeLog" }, { "name": "http://gultsch.de/gajim_roster_push_and_message_interception.html", "refsource": "MISC", "url": "http://gultsch.de/gajim_roster_push_and_message_interception.html" }, { "name": "FEDORA-2016-838200213e", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175526.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8688", "datePublished": "2016-01-15T19:00:00", "dateReserved": "2015-12-26T00:00:00", "dateUpdated": "2024-08-06T08:29:20.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-41055 (GCVE-0-2021-41055)
Vulnerability from cvelistv5
Published
2021-10-11 02:40
Modified
2024-08-04 02:59
CWE
- n/a
Summary
Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID.
References
URL | Tags | |
---|---|---|
https://dev.gajim.org/gajim/gajim/-/issues/10638 | x_refsource_MISC | |
https://dev.gajim.org/gajim/gajim/-/tags/gajim-1.3.3 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:59:31.361Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://dev.gajim.org/gajim/gajim/-/issues/10638" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://dev.gajim.org/gajim/gajim/-/tags/gajim-1.3.3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-11T02:40:43", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://dev.gajim.org/gajim/gajim/-/issues/10638" }, { "tags": [ "x_refsource_MISC" ], "url": "https://dev.gajim.org/gajim/gajim/-/tags/gajim-1.3.3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-41055", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://dev.gajim.org/gajim/gajim/-/issues/10638", "refsource": "MISC", "url": "https://dev.gajim.org/gajim/gajim/-/issues/10638" }, { "name": "https://dev.gajim.org/gajim/gajim/-/tags/gajim-1.3.3", "refsource": "MISC", "url": "https://dev.gajim.org/gajim/gajim/-/tags/gajim-1.3.3" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-41055", "datePublished": "2021-10-11T02:40:43", "dateReserved": "2021-09-13T00:00:00", "dateUpdated": "2024-08-04T02:59:31.361Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-5524 (GCVE-0-2012-5524)
Vulnerability from cvelistv5
Published
2014-02-08 00:00
Modified
2024-08-06 21:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.
References
▼ | URL | Tags |
---|---|---|
http://security.gentoo.org/glsa/glsa-201401-02.xml | vendor-advisory, x_refsource_GENTOO | |
https://trac.gajim.org/ticket/7252 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/11/6 | mailing-list, x_refsource_MLIST | |
https://trac.gajim.org/query?status=closed&group=resolution&milestone=0.15.3 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.440Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201401-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201401-02.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://trac.gajim.org/ticket/7252" }, { "name": "[oss-security] 20121111 Gajim fails to handle invalid certificates", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/11/6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://trac.gajim.org/query?status=closed\u0026group=resolution\u0026milestone=0.15.3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-02-07T22:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "GLSA-201401-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201401-02.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://trac.gajim.org/ticket/7252" }, { "name": "[oss-security] 20121111 Gajim fails to handle invalid certificates", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/11/6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://trac.gajim.org/query?status=closed\u0026group=resolution\u0026milestone=0.15.3" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5524", "datePublished": "2014-02-08T00:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.440Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2086
Vulnerability from fkie_nvd
Published
2012-11-23 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig [sic; presumably the jid, i.e. Jabber ID] parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gajim | gajim | * | |
gajim | gajim | 0.1 | |
gajim | gajim | 0.2 | |
gajim | gajim | 0.2.1 | |
gajim | gajim | 0.3 | |
gajim | gajim | 0.4 | |
gajim | gajim | 0.4.1 | |
gajim | gajim | 0.5 | |
gajim | gajim | 0.5.1 | |
gajim | gajim | 0.6 | |
gajim | gajim | 0.6.1 | |
gajim | gajim | 0.7 | |
gajim | gajim | 0.7.1 | |
gajim | gajim | 0.8 | |
gajim | gajim | 0.8.1 | |
gajim | gajim | 0.8.2 | |
gajim | gajim | 0.9 | |
gajim | gajim | 0.9.1 | |
gajim | gajim | 0.10 | |
gajim | gajim | 0.10.1 | |
gajim | gajim | 0.11 | |
gajim | gajim | 0.11.1 | |
gajim | gajim | 0.11.2 | |
gajim | gajim | 0.11.3 | |
gajim | gajim | 0.11.4 | |
gajim | gajim | 0.12 | |
gajim | gajim | 0.12.1 | |
gajim | gajim | 0.12.2 | |
gajim | gajim | 0.12.3 | |
gajim | gajim | 0.12.4 | |
gajim | gajim | 0.12.5 | |
gajim | gajim | 0.12.5 | |
gajim | gajim | 0.12.5 | |
gajim | gajim | 0.13 | |
gajim | gajim | 0.13.1 | |
gajim | gajim | 0.13.2 | |
gajim | gajim | 0.13.3 | |
gajim | gajim | 0.13.4 | |
gajim | gajim | 0.14 | |
gajim | gajim | 0.14.1 | |
gajim | gajim | 0.14.2 | |
gajim | gajim | 0.14.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gajim:gajim:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3A1D2EF-3B3E-4DA1-93A6-2CE1702BB074", "versionEndIncluding": "0.14.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "380A6FF5-61CF-49E8-B186-234887A4AAE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "867A9CBE-A1BD-4BBE-94CA-482DD25E128C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "9A0384DE-8ACB-4DE4-A552-92EC3725C3E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0841132E-16B8-4BC2-AEAD-3C36CF818D0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "BA7B00AB-F113-4EC5-B5F5-582D7E062859", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "304C78CD-BDFC-4333-9FF2-E14C03DB6856", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E346EC3-2B7E-49DE-B5F0-32375BA68277", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7ADAF95F-8CBA-49DD-8873-4157A2EDA5BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "8CA08222-A713-4B86-AEE6-84DD0CD500F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D892C8F-AA49-4EBD-8998-50501D052E3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1639A77-0047-4C83-9027-DE5F48F37BBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C98CE8D-8BA0-4AD0-AC61-6A955FE25E77", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"0DB29408-B04B-4AE8-B426-B76550516AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "425CF4D9-9B13-4334-8F98-989FB32550D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "D358E094-AB6E-4802-B917-DFD30447A389", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "F13C707F-0418-48F1-A8F6-97D85498B755", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2FC0291-4E6B-4331-A554-3677A0A8A7A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "558A468C-59C6-41A7-8498-69D570D1A9A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "C1F42B57-BB61-4F59-B352-A2941FD48EA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "696B838C-F3C2-4A1B-A25E-A1913FD9B137", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "9FC663CF-BBA3-479F-8EE8-5B3D54CC5210", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "118A63F7-A760-4A93-8690-3C83520EA9D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "F8B31F13-E9A8-43C9-BB85-0DDF99B058C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "CB235BDE-CFF1-4F84-A017-A6351B1EB475", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "23654F1F-7098-4356-B64B-CF159CE3338C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "0AFE387E-D303-420C-BEE4-B73FFEEFF229", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"EA31CEAD-AAB5-4B59-824D-00BC85C4F587", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE0FEF18-FEB5-41D2-A249-F144FF399385", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "C79FA382-4FB4-4A90-AE50-A941A8135A7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "F5CD4800-B39B-407A-A5AA-0B19568A34A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.5:alpha1:*:*:*:*:*:*", "matchCriteriaId": "EE6AC1C1-FC28-438C-9251-1BEABD031027", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "56939C0E-D6E4-48CA-BFD8-4371967D7896", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "B20A8CA3-B8FB-407D-9F1C-8AA0E406E7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "B3F03392-8E65-4072-B18D-A33D414719BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "61E38997-A725-4D77-883C-B7BFA7A1DD0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "F1FA7E1F-9FD3-46B8-BD42-DBA594F78694", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "54229127-108A-422B-AC3E-0EF3237ABB3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "1544C901-A830-407E-B407-E67C94B4BBB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B798A67-20E8-44F8-B4A4-136B60B58034", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "6B498FF1-33EC-4562-9E60-5CD850ECB728", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.14.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"569950C0-739F-4F5E-9E8F-79F0BFF0EC15", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n get_last_conversation_lines en common/logger.py en Gajim anterior a v0.15 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro jig." } ], "id": "CVE-2012-2086", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-11-23T20:55:02.710", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48708" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48794" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201208-04.xml" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/04/08/1" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/04/08/2" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/52943" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": 
"https://trac.gajim.org/changeset/988e38ce0e0c" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "https://trac.gajim.org/ticket/7034" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48708" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48794" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201208-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/04/08/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/04/08/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52943" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://trac.gajim.org/changeset/988e38ce0e0c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://trac.gajim.org/ticket/7034" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2012-5524
Vulnerability from fkie_nvd
Published
2014-02-08 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gajim | gajim | * | |
gajim | gajim | 0.1 | |
gajim | gajim | 0.2 | |
gajim | gajim | 0.2.1 | |
gajim | gajim | 0.3 | |
gajim | gajim | 0.4 | |
gajim | gajim | 0.4.1 | |
gajim | gajim | 0.5 | |
gajim | gajim | 0.5.1 | |
gajim | gajim | 0.6 | |
gajim | gajim | 0.6.1 | |
gajim | gajim | 0.7 | |
gajim | gajim | 0.7.1 | |
gajim | gajim | 0.8 | |
gajim | gajim | 0.8.1 | |
gajim | gajim | 0.8.2 | |
gajim | gajim | 0.9 | |
gajim | gajim | 0.9.1 | |
gajim | gajim | 0.10 | |
gajim | gajim | 0.10.1 | |
gajim | gajim | 0.11 | |
gajim | gajim | 0.11.1 | |
gajim | gajim | 0.11.2 | |
gajim | gajim | 0.11.3 | |
gajim | gajim | 0.11.4 | |
gajim | gajim | 0.12 | |
gajim | gajim | 0.12.1 | |
gajim | gajim | 0.12.2 | |
gajim | gajim | 0.12.3 | |
gajim | gajim | 0.12.4 | |
gajim | gajim | 0.12.5 | |
gajim | gajim | 0.12.5 | |
gajim | gajim | 0.12.5 | |
gajim | gajim | 0.13 | |
gajim | gajim | 0.13.1 | |
gajim | gajim | 0.13.2 | |
gajim | gajim | 0.13.3 | |
gajim | gajim | 0.13.4 | |
gajim | gajim | 0.14 | |
gajim | gajim | 0.14.1 | |
gajim | gajim | 0.14.2 | |
gajim | gajim | 0.14.3 | |
gajim | gajim | 0.14.4 | |
gajim | gajim | 0.15 | |
gajim | gajim | 0.15.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gajim:gajim:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC697A3E-D289-4EAA-BEB1-50243DEC70B5", "versionEndIncluding": "0.15.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "380A6FF5-61CF-49E8-B186-234887A4AAE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "867A9CBE-A1BD-4BBE-94CA-482DD25E128C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "9A0384DE-8ACB-4DE4-A552-92EC3725C3E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0841132E-16B8-4BC2-AEAD-3C36CF818D0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "BA7B00AB-F113-4EC5-B5F5-582D7E062859", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "304C78CD-BDFC-4333-9FF2-E14C03DB6856", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E346EC3-2B7E-49DE-B5F0-32375BA68277", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7ADAF95F-8CBA-49DD-8873-4157A2EDA5BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "8CA08222-A713-4B86-AEE6-84DD0CD500F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D892C8F-AA49-4EBD-8998-50501D052E3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1639A77-0047-4C83-9027-DE5F48F37BBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C98CE8D-8BA0-4AD0-AC61-6A955FE25E77", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"0DB29408-B04B-4AE8-B426-B76550516AD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "425CF4D9-9B13-4334-8F98-989FB32550D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "D358E094-AB6E-4802-B917-DFD30447A389", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "F13C707F-0418-48F1-A8F6-97D85498B755", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2FC0291-4E6B-4331-A554-3677A0A8A7A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "558A468C-59C6-41A7-8498-69D570D1A9A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "C1F42B57-BB61-4F59-B352-A2941FD48EA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "696B838C-F3C2-4A1B-A25E-A1913FD9B137", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "9FC663CF-BBA3-479F-8EE8-5B3D54CC5210", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "118A63F7-A760-4A93-8690-3C83520EA9D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "F8B31F13-E9A8-43C9-BB85-0DDF99B058C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "CB235BDE-CFF1-4F84-A017-A6351B1EB475", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "23654F1F-7098-4356-B64B-CF159CE3338C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "0AFE387E-D303-420C-BEE4-B73FFEEFF229", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"EA31CEAD-AAB5-4B59-824D-00BC85C4F587", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE0FEF18-FEB5-41D2-A249-F144FF399385", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "C79FA382-4FB4-4A90-AE50-A941A8135A7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "F5CD4800-B39B-407A-A5AA-0B19568A34A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.5:alpha1:*:*:*:*:*:*", "matchCriteriaId": "EE6AC1C1-FC28-438C-9251-1BEABD031027", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "56939C0E-D6E4-48CA-BFD8-4371967D7896", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "B20A8CA3-B8FB-407D-9F1C-8AA0E406E7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "B3F03392-8E65-4072-B18D-A33D414719BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "61E38997-A725-4D77-883C-B7BFA7A1DD0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "F1FA7E1F-9FD3-46B8-BD42-DBA594F78694", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "54229127-108A-422B-AC3E-0EF3237ABB3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "1544C901-A830-407E-B407-E67C94B4BBB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B798A67-20E8-44F8-B4A4-136B60B58034", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "6B498FF1-33EC-4562-9E60-5CD850ECB728", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.14.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"569950C0-739F-4F5E-9E8F-79F0BFF0EC15", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "42943B53-EB2C-4CFD-8107-36CEAAF4EB73", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "7444EF11-27AE-43BF-9DA4-4A0675E81A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B9C83A89-7790-4A52-A54E-975090A99F94", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA." }, { "lang": "es", "value": "La funci\u00f3n _ssl_verify_callback en tls_nb.py en Gajim anterior a 0.15.3 no verifica debidamente los certificados SSL, lo que permite a atacantes remotos llevar a cabo ataques de man-in-the-middle (MITM) y falsificar servidores a trav\u00e9s de un certificado arbitrario de una CA confiable." 
} ], "id": "CVE-2012-5524", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-08T00:55:05.910", "references": [ { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201401-02.xml" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/11/6" }, { "source": "secalert@redhat.com", "url": "https://trac.gajim.org/query?status=closed\u0026group=resolution\u0026milestone=0.15.3" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://trac.gajim.org/ticket/7252" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201401-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/11/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://trac.gajim.org/query?status=closed\u0026group=resolution\u0026milestone=0.15.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://trac.gajim.org/ticket/7252" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2016-10376
Vulnerability from fkie_nvd
Published
2017-05-28 00:29
Modified
2025-04-20 01:37
Severity ?
Summary
Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gajim:gajim:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0FF3914-54EC-43A7-B55F-524E029FEE24", "versionEndIncluding": "0.16.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Gajim through 0.16.7 unconditionally implements the \"XEP-0146: Remote Controlling Clients\" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions." }, { "lang": "es", "value": "Gajim hasta la versi\u00f3n 0.16.7 implementa incondicionalmente la extensi\u00f3n \"XEP-0146: Remote Controlling Clients\". Esto puede ser abusado por un servidor malicioso XMPP, por ejemplo, extrayendo texto plano de las sesiones OTR encriptadas." } ], "id": "CVE-2016-10376", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-05-28T00:29:00.343", 
"references": [ { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3943" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://bugs.debian.org/863445" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://dev.gajim.org/gajim/gajim/issues/8378" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://mail.jabber.org/pipermail/standards/2016-August/031335.html" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201707-14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3943" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://bugs.debian.org/863445" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://dev.gajim.org/gajim/gajim/issues/8378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://mail.jabber.org/pipermail/standards/2016-August/031335.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201707-14" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2012-2093
Vulnerability from fkie_nvd
Published
2012-05-18 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gajim:gajim:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "7444EF11-27AE-43BF-9DA4-4A0675E81A73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function." }, { "lang": "es", "value": "src/common/latex.py en Gajim v0.15 permite a usuarios locales sobreescribir ficheros arbitrarios mediante un ataque de enlace simb\u00f3lico en un archivo latex temporal, relacionada con la funci\u00f3n get_tmpfile_name." } ], "id": "CVE-2012-2093", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-05-18T22:55:02.903", "references": [ { "source": "secalert@redhat.com", "url": "http://hg.gajim.org/gajim/rev/f046e4aaf7d4" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/48695" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48794" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201208-04.xml" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/04/10/15" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/04/10/6" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/53017" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74869" }, { "source": "secalert@redhat.com", "url": "https://trac.gajim.org/changeset/13759/src/common/latex.py" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.gajim.org/gajim/rev/f046e4aaf7d4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48794" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201208-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/04/10/15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/04/10/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53017" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74869" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://trac.gajim.org/changeset/13759/src/common/latex.py" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-10-11 03:15
Modified
2024-11-21 06:25
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://dev.gajim.org/gajim/gajim/-/issues/10638 | Exploit, Issue Tracking, Vendor Advisory | |
cve@mitre.org | https://dev.gajim.org/gajim/gajim/-/tags/gajim-1.3.3 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://dev.gajim.org/gajim/gajim/-/issues/10638 | Exploit, Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://dev.gajim.org/gajim/gajim/-/tags/gajim-1.3.3 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gajim:gajim:*:*:*:*:*:*:*:*", "matchCriteriaId": "25130B9D-AEF9-4A76-ACE1-BF4AD11D321D", "versionEndExcluding": "1.3.3", "versionStartIncluding": "1.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID." }, { "lang": "es", "value": "Gajim versiones 1.2.x y 1.3.x anteriores a 1.3.3, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo) por medio de un mensaje XMPP Last Message Correction (XEP-0308) dise\u00f1ado en el chat multiusuario, donde el ID del mensaje es igual al ID de la correcci\u00f3n" } ], "id": "CVE-2021-41055", "lastModified": "2024-11-21T06:25:21.427", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": 
"nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-10-11T03:15:06.707", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://dev.gajim.org/gajim/gajim/-/issues/10638" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://dev.gajim.org/gajim/gajim/-/tags/gajim-1.3.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ], "url": "https://dev.gajim.org/gajim/gajim/-/issues/10638" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://dev.gajim.org/gajim/gajim/-/tags/gajim-1.3.3" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-09-27 23:15
Modified
2025-05-21 16:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog | Release Notes, Vendor Advisory | |
cve@mitre.org | https://dev.gajim.org/gajim/gajim/-/tags | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://dev.gajim.org/gajim/gajim/-/tags | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gajim:gajim:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F934E42-8259-49E1-BFEE-6F099C45B487", "versionEndExcluding": "1.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0." }, { "lang": "es", "value": "Se ha descubierto un problema en Gajim a trav\u00e9s de la versi\u00f3n 1.4.7. La vulnerabilidad permite a los atacantes, a trav\u00e9s de estrofas XML manipuladas, corregir mensajes que no fueron enviados por ellos. El atacante necesita formar parte del chat de grupo o del chat individual. La versi\u00f3n corregida es la 1.5.0" } ], "id": "CVE-2022-39835", "lastModified": "2025-05-21T16:15:26.480", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, 
"published": "2022-09-27T23:15:15.487", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://dev.gajim.org/gajim/gajim/-/tags" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://dev.gajim.org/gajim/gajim/-/tags" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-28 17:55
Modified
2025-04-11 00:51
Severity ?
6.8 (Medium) - CVSS v2.0 AV:N/AC:M/Au:N/C:P/I:P/A:P
Summary
The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gajim | gajim | * (up to and including 0.14.4) | |
gajim | gajim | 0.1 | |
gajim | gajim | 0.10 | |
gajim | gajim | 0.10.1 | |
gajim | gajim | 0.11 | |
gajim | gajim | 0.11.1 | |
gajim | gajim | 0.11.2 | |
gajim | gajim | 0.11.3 | |
gajim | gajim | 0.11.4 | |
gajim | gajim | 0.12 | |
gajim | gajim | 0.12.1 | |
gajim | gajim | 0.12.2 | |
gajim | gajim | 0.12.3 | |
gajim | gajim | 0.12.4 | |
gajim | gajim | 0.12.5 | |
gajim | gajim | 0.12.5 alpha1 | |
gajim | gajim | 0.12.5 beta1 | |
gajim | gajim | 0.13 | |
gajim | gajim | 0.13.1 | |
gajim | gajim | 0.13.2 | |
gajim | gajim | 0.13.3 | |
gajim | gajim | 0.13.4 | |
gajim | gajim | 0.14 | |
gajim | gajim | 0.14.1 | |
gajim | gajim | 0.14.2 | |
gajim | gajim | 0.14.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gajim:gajim:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3A1D2EF-3B3E-4DA1-93A6-2CE1702BB074", "versionEndIncluding": "0.14.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "380A6FF5-61CF-49E8-B186-234887A4AAE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "558A468C-59C6-41A7-8498-69D570D1A9A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "C1F42B57-BB61-4F59-B352-A2941FD48EA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "696B838C-F3C2-4A1B-A25E-A1913FD9B137", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "9FC663CF-BBA3-479F-8EE8-5B3D54CC5210", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "118A63F7-A760-4A93-8690-3C83520EA9D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "F8B31F13-E9A8-43C9-BB85-0DDF99B058C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "CB235BDE-CFF1-4F84-A017-A6351B1EB475", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "23654F1F-7098-4356-B64B-CF159CE3338C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "0AFE387E-D303-420C-BEE4-B73FFEEFF229", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA31CEAD-AAB5-4B59-824D-00BC85C4F587", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CE0FEF18-FEB5-41D2-A249-F144FF399385", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"C79FA382-4FB4-4A90-AE50-A941A8135A7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "F5CD4800-B39B-407A-A5AA-0B19568A34A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.5:alpha1:*:*:*:*:*:*", "matchCriteriaId": "EE6AC1C1-FC28-438C-9251-1BEABD031027", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.12.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "56939C0E-D6E4-48CA-BFD8-4371967D7896", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "B20A8CA3-B8FB-407D-9F1C-8AA0E406E7CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "B3F03392-8E65-4072-B18D-A33D414719BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "61E38997-A725-4D77-883C-B7BFA7A1DD0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "F1FA7E1F-9FD3-46B8-BD42-DBA594F78694", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "54229127-108A-422B-AC3E-0EF3237ABB3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "1544C901-A830-407E-B407-E67C94B4BBB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B798A67-20E8-44F8-B4A4-136B60B58034", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "6B498FF1-33EC-4562-9E60-5CD850ECB728", "vulnerable": true }, { "criteria": "cpe:2.3:a:gajim:gajim:0.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "569950C0-739F-4F5E-9E8F-79F0BFF0EC15", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands 
via shell metacharacters in an href attribute." }, { "lang": "es", "value": "La funci\u00f3n exec_command en common/helpers.py en Gajim anterior a v0.15 permite a usuarios asistidos por atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s del metacaracter shell en un atributo href." } ], "id": "CVE-2012-2085", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-08-28T17:55:04.453", "references": [ { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48708" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48794" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201208-04.xml" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/04/08/1" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/04/08/2" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/52943" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://trac.gajim.org/changeset/bc296e96ac10" }, { "source": "secalert@redhat.com", "url": "https://trac.gajim.org/ticket/7031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48708" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48794" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201208-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/04/08/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/04/08/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52943" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://trac.gajim.org/changeset/bc296e96ac10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://trac.gajim.org/ticket/7031" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-01-15 19:59
Modified
2025-04-12 10:46
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gajim:gajim:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5336977-7521-439E-A0E0-48C07796F749", "versionEndIncluding": "0.16.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza." }, { "lang": "es", "value": "Gajim en versiones anteriores a 0.16.5 permite a atacantes remotos modificar la lista e interceptar mensajes a trav\u00e9s de una inserci\u00f3n en la lista IQ stanza manipulada." } ], "id": "CVE-2015-8688", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-01-15T19:59:03.133", "references": [ { "source": "cve@mitre.org", "url": "http://gultsch.de/gajim_roster_push_and_message_interception.html" }, { "source": "cve@mitre.org", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175503.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175526.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00027.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3492" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://hg.gajim.org/gajim/file/gajim-0.16.5/ChangeLog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://gultsch.de/gajim_roster_push_and_message_interception.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175503.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175526.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3492" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://hg.gajim.org/gajim/file/gajim-0.16.5/ChangeLog" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }