8 vulnerabilities by gajim
CVE-2022-39835 (GCVE-0-2022-39835)
Vulnerability from cvelistv5 – Published: 2022-09-27 18:21 – Updated: 2025-05-21 15:24
Summary
An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0.
Severity
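5.3 (Medium) – CVSS 3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N (score supplied in the CISA ADP Vulnrichment container, not by the CNA)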
CWE
- n/a (CNA); CWE-284 Improper Access Control (CISA-ADP)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://dev.gajim.org/gajim/gajim/-/tags | x_refsource_MISC |
| https://dev.gajim.org/gajim/gajim/-/blob/master/C… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dev.gajim.org/gajim/gajim/-/tags"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-39835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T15:24:52.503950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T15:24:58.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-28T05:40:29.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dev.gajim.org/gajim/gajim/-/tags"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-39835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://dev.gajim.org/gajim/gajim/-/tags",
"refsource": "MISC",
"url": "https://dev.gajim.org/gajim/gajim/-/tags"
},
{
"name": "https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog",
"refsource": "MISC",
"url": "https://dev.gajim.org/gajim/gajim/-/blob/master/ChangeLog"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-39835",
"datePublished": "2022-09-27T18:21:13.000Z",
"dateReserved": "2022-09-05T00:00:00.000Z",
"dateUpdated": "2025-05-21T15:24:58.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41055 (GCVE-0-2021-41055)
Vulnerability from cvelistv5 – Published: 2021-10-11 02:40 – Updated: 2024-08-04 02:59
Summary
Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://dev.gajim.org/gajim/gajim/-/issues/10638 | x_refsource_MISC |
| https://dev.gajim.org/gajim/gajim/-/tags/gajim-1.3.3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dev.gajim.org/gajim/gajim/-/issues/10638"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dev.gajim.org/gajim/gajim/-/tags/gajim-1.3.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-11T02:40:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dev.gajim.org/gajim/gajim/-/issues/10638"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dev.gajim.org/gajim/gajim/-/tags/gajim-1.3.3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://dev.gajim.org/gajim/gajim/-/issues/10638",
"refsource": "MISC",
"url": "https://dev.gajim.org/gajim/gajim/-/issues/10638"
},
{
"name": "https://dev.gajim.org/gajim/gajim/-/tags/gajim-1.3.3",
"refsource": "MISC",
"url": "https://dev.gajim.org/gajim/gajim/-/tags/gajim-1.3.3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41055",
"datePublished": "2021-10-11T02:40:43.000Z",
"dateReserved": "2021-09-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:59:31.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10376 (GCVE-0-2016-10376)
Vulnerability from cvelistv5 – Published: 2017-05-28 00:00 – Updated: 2024-08-06 03:21
Summary
Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://dev.gajim.org/gajim/gajim/commit/cb65cfc5… | x_refsource_MISC |
| https://mail.jabber.org/pipermail/standards/2016-… | x_refsource_MISC |
| https://security.gentoo.org/glsa/201707-14 | vendor-advisory, x_refsource_GENTOO |
| http://www.debian.org/security/2017/dsa-3943 | vendor-advisory, x_refsource_DEBIAN |
| https://dev.gajim.org/gajim/gajim/issues/8378 | x_refsource_MISC |
| https://bugs.debian.org/863445 | x_refsource_MISC |
Date Public
2017-05-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:21:51.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mail.jabber.org/pipermail/standards/2016-August/031335.html"
},
{
"name": "GLSA-201707-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-14"
},
{
"name": "DSA-3943",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3943"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dev.gajim.org/gajim/gajim/issues/8378"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/863445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Gajim through 0.16.7 unconditionally implements the \"XEP-0146: Remote Controlling Clients\" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-05T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mail.jabber.org/pipermail/standards/2016-August/031335.html"
},
{
"name": "GLSA-201707-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201707-14"
},
{
"name": "DSA-3943",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3943"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dev.gajim.org/gajim/gajim/issues/8378"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/863445"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gajim through 0.16.7 unconditionally implements the \"XEP-0146: Remote Controlling Clients\" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc",
"refsource": "MISC",
"url": "https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc"
},
{
"name": "https://mail.jabber.org/pipermail/standards/2016-August/031335.html",
"refsource": "MISC",
"url": "https://mail.jabber.org/pipermail/standards/2016-August/031335.html"
},
{
"name": "GLSA-201707-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-14"
},
{
"name": "DSA-3943",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3943"
},
{
"name": "https://dev.gajim.org/gajim/gajim/issues/8378",
"refsource": "MISC",
"url": "https://dev.gajim.org/gajim/gajim/issues/8378"
},
{
"name": "https://bugs.debian.org/863445",
"refsource": "MISC",
"url": "https://bugs.debian.org/863445"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10376",
"datePublished": "2017-05-28T00:00:00.000Z",
"dateReserved": "2017-05-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:21:51.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8688 (GCVE-0-2015-8688)
Vulnerability from cvelistv5 – Published: 2016-01-15 19:00 – Updated: 2024-08-06 08:29
Summary
Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisory, x_refsource_SUSE |
| http://www.debian.org/security/2016/dsa-3492 | vendor-advisory, x_refsource_DEBIAN |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory, x_refsource_FEDORA |
| https://hg.gajim.org/gajim/file/gajim-0.16.5/ChangeLog | x_refsource_CONFIRM |
| http://gultsch.de/gajim_roster_push_and_message_i… | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory, x_refsource_FEDORA |
Date Public
2015-12-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:20.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:0102",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00027.html"
},
{
"name": "DSA-3492",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3492"
},
{
"name": "FEDORA-2016-c82e5c322c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175503.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://hg.gajim.org/gajim/file/gajim-0.16.5/ChangeLog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://gultsch.de/gajim_roster_push_and_message_interception.html"
},
{
"name": "FEDORA-2016-838200213e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175526.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2016:0102",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00027.html"
},
{
"name": "DSA-3492",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3492"
},
{
"name": "FEDORA-2016-c82e5c322c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175503.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://hg.gajim.org/gajim/file/gajim-0.16.5/ChangeLog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://gultsch.de/gajim_roster_push_and_message_interception.html"
},
{
"name": "FEDORA-2016-838200213e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175526.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:0102",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00027.html"
},
{
"name": "DSA-3492",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3492"
},
{
"name": "FEDORA-2016-c82e5c322c",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175503.html"
},
{
"name": "https://hg.gajim.org/gajim/file/gajim-0.16.5/ChangeLog",
"refsource": "CONFIRM",
"url": "https://hg.gajim.org/gajim/file/gajim-0.16.5/ChangeLog"
},
{
"name": "http://gultsch.de/gajim_roster_push_and_message_interception.html",
"refsource": "MISC",
"url": "http://gultsch.de/gajim_roster_push_and_message_interception.html"
},
{
"name": "FEDORA-2016-838200213e",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175526.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8688",
"datePublished": "2016-01-15T19:00:00.000Z",
"dateReserved": "2015-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:29:20.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5524 (GCVE-0-2012-5524)
Vulnerability from cvelistv5 – Published: 2014-02-08 00:00 – Updated: 2024-08-06 21:05
Summary
The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-201401-02.xml | vendor-advisory, x_refsource_GENTOO |
| https://trac.gajim.org/ticket/7252 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/11/11/6 | mailing-list, x_refsource_MLIST |
| https://trac.gajim.org/query?status=closed&group=… | x_refsource_CONFIRM |
Date Public
2012-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201401-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201401-02.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.gajim.org/ticket/7252"
},
{
"name": "[oss-security] 20121111 Gajim fails to handle invalid certificates",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/11/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.gajim.org/query?status=closed\u0026group=resolution\u0026milestone=0.15.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-07T22:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201401-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201401-02.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.gajim.org/ticket/7252"
},
{
"name": "[oss-security] 20121111 Gajim fails to handle invalid certificates",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/11/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.gajim.org/query?status=closed\u0026group=resolution\u0026milestone=0.15.3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5524",
"datePublished": "2014-02-08T00:00:00.000Z",
"dateReserved": "2012-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:05:47.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2086 (GCVE-0-2012-2086)
Vulnerability from cvelistv5 – Published: 2012-11-23 20:00 – Updated: 2024-08-06 19:17
Summary
SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jid parameter (spelled "jig" in the CVE record text).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://trac.gajim.org/changeset/988e38ce0e0c | x_refsource_CONFIRM |
| https://trac.gajim.org/ticket/7034 | x_refsource_CONFIRM |
| http://secunia.com/advisories/48794 | third-party-advisory, x_refsource_SECUNIA |
| http://secunia.com/advisories/48708 | third-party-advisory, x_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2012/04/08/1 | mailing-list, x_refsource_MLIST |
| http://security.gentoo.org/glsa/glsa-201208-04.xml | vendor-advisory, x_refsource_GENTOO |
| http://www.openwall.com/lists/oss-security/2012/04/08/2 | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/bid/52943 | vdb-entry, x_refsource_BID |
Date Public
2011-11-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:27.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.gajim.org/changeset/988e38ce0e0c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.gajim.org/ticket/7034"
},
{
"name": "48794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48794"
},
{
"name": "48708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48708"
},
{
"name": "[oss-security] 20120408 CVE request: gajim - code execution and sql injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/08/1"
},
{
"name": "GLSA-201208-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201208-04.xml"
},
{
"name": "[oss-security] 20120408 Re: CVE request: gajim - code execution and sql injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/08/2"
},
{
"name": "52943",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52943"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-04T10:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.gajim.org/changeset/988e38ce0e0c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.gajim.org/ticket/7034"
},
{
"name": "48794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48794"
},
{
"name": "48708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48708"
},
{
"name": "[oss-security] 20120408 CVE request: gajim - code execution and sql injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/08/1"
},
{
"name": "GLSA-201208-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201208-04.xml"
},
{
"name": "[oss-security] 20120408 Re: CVE request: gajim - code execution and sql injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/08/2"
},
{
"name": "52943",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52943"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2086",
"datePublished": "2012-11-23T20:00:00.000Z",
"dateReserved": "2012-04-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:17:27.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2085 (GCVE-0-2012-2085)
Vulnerability from cvelistv5 – Published: 2012-08-28 16:00 – Updated: 2024-08-06 19:17
Summary
The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/48794 | third-party-advisory, x_refsource_SECUNIA |
| http://secunia.com/advisories/48708 | third-party-advisory, x_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2012/04/08/1 | mailing-list, x_refsource_MLIST |
| http://security.gentoo.org/glsa/glsa-201208-04.xml | vendor-advisory, x_refsource_GENTOO |
| https://trac.gajim.org/ticket/7031 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/04/08/2 | mailing-list, x_refsource_MLIST |
| https://trac.gajim.org/changeset/bc296e96ac10 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/52943 | vdb-entry, x_refsource_BID |
Date Public
2011-11-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:27.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48794"
},
{
"name": "48708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48708"
},
{
"name": "[oss-security] 20120408 CVE request: gajim - code execution and sql injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/08/1"
},
{
"name": "GLSA-201208-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201208-04.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.gajim.org/ticket/7031"
},
{
"name": "[oss-security] 20120408 Re: CVE request: gajim - code execution and sql injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/08/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.gajim.org/changeset/bc296e96ac10"
},
{
"name": "52943",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52943"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-04T10:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "48794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48794"
},
{
"name": "48708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48708"
},
{
"name": "[oss-security] 20120408 CVE request: gajim - code execution and sql injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/08/1"
},
{
"name": "GLSA-201208-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201208-04.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.gajim.org/ticket/7031"
},
{
"name": "[oss-security] 20120408 Re: CVE request: gajim - code execution and sql injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/08/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.gajim.org/changeset/bc296e96ac10"
},
{
"name": "52943",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52943"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2085",
"datePublished": "2012-08-28T16:00:00.000Z",
"dateReserved": "2012-04-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:17:27.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2093 (GCVE-0-2012-2093)
Vulnerability from cvelistv5 – Published: 2012-05-18 22:00 – Updated: 2024-08-06 19:26
Summary
src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/04/10/6 | mailing-list, x_refsource_MLIST |
| http://hg.gajim.org/gajim/rev/f046e4aaf7d4 | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory, x_refsource_FEDORA |
| http://www.securityfocus.com/bid/53017 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/48794 | third-party-advisory, x_refsource_SECUNIA |
| https://trac.gajim.org/changeset/13759/src/common… | x_refsource_CONFIRM |
| http://security.gentoo.org/glsa/glsa-201208-04.xml | vendor-advisory, x_refsource_GENTOO |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/48695 | third-party-advisory, x_refsource_SECUNIA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory, x_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2012/0… | mailing-list, x_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory, x_refsource_FEDORA |
Date Public
2012-04-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:07.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120410 gajim insecure file creation when using latex",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/10/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.gajim.org/gajim/rev/f046e4aaf7d4"
},
{
"name": "FEDORA-2012-6061",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.html"
},
{
"name": "53017",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53017"
},
{
"name": "48794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48794"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.gajim.org/changeset/13759/src/common/latex.py"
},
{
"name": "GLSA-201208-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201208-04.xml"
},
{
"name": "gajim-gettmpfilename-symlink(74869)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74869"
},
{
"name": "48695",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48695"
},
{
"name": "FEDORA-2012-6161",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.html"
},
{
"name": "[oss-security] 20120410 RE: gajim insecure file creation when using latex",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/10/15"
},
{
"name": "FEDORA-2012-6001",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120410 gajim insecure file creation when using latex",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/10/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.gajim.org/gajim/rev/f046e4aaf7d4"
},
{
"name": "FEDORA-2012-6061",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.html"
},
{
"name": "53017",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53017"
},
{
"name": "48794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48794"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.gajim.org/changeset/13759/src/common/latex.py"
},
{
"name": "GLSA-201208-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201208-04.xml"
},
{
"name": "gajim-gettmpfilename-symlink(74869)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74869"
},
{
"name": "48695",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48695"
},
{
"name": "FEDORA-2012-6161",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.html"
},
{
"name": "[oss-security] 20120410 RE: gajim insecure file creation when using latex",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/10/15"
},
{
"name": "FEDORA-2012-6001",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2093",
"datePublished": "2012-05-18T22:00:00.000Z",
"dateReserved": "2012-04-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:07.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}