Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Gajim Subscribe
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-41055 1 Gajim 1 Gajim 2024-02-04 5.0 MEDIUM 7.5 HIGH
Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID.
CVE-2016-10376 1 Gajim 1 Gajim 2024-02-04 3.5 LOW 4.5 MEDIUM
Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.
CVE-2015-8688 1 Gajim 1 Gajim 2024-02-04 5.8 MEDIUM 5.4 MEDIUM
Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.
CVE-2012-5524 1 Gajim 1 Gajim 2024-02-04 4.3 MEDIUM N/A
The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.
CVE-2012-2093 1 Gajim 1 Gajim 2024-02-04 3.3 LOW N/A
src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.
CVE-2012-2086 1 Gajim 1 Gajim 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter.
CVE-2012-2085 1 Gajim 1 Gajim 2024-02-04 6.8 MEDIUM N/A
The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute.