Gajim
CVE-2016-10376
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.
AnalysisAI
Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-310. Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions. Affected products include: Gajim. Version information: through 0.16.7.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows
Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last
The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arb
The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which a
Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ sta
An issue was discovered in Gajim through 1.4.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploit
src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary la
Same weakness CWE-310 – Cryptographic Issues
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today