Skip to main content

Gajim

8 CVEs product

Monthly

CVE-2022-39835 MEDIUM This Month

An issue was discovered in Gajim through 1.4.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gajim
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-41055 HIGH POC This Week

Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gajim
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2016-10376 MEDIUM PATCH This Month

Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Gajim
NVD
CVSS 3.0
4.5
EPSS
0.5%
CVE-2015-8688 MEDIUM This Month

Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gajim
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2012-5524 MEDIUM POC This Month

The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Gajim
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-2086 HIGH POC PATCH This Week

SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Gajim
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2012-2085 MEDIUM POC This Month

The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Code Injection RCE Gajim
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2012-2093 LOW Monitor

src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Gajim
NVD
CVSS 2.0
3.3
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue was discovered in Gajim through 1.4.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gajim
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gajim
NVD
EPSS 1% CVSS 4.5
MEDIUM PATCH This Month

Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Gajim
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gajim
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Gajim
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Gajim
NVD
EPSS 1% CVSS 6.8
MEDIUM POC This Month

The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Code Injection RCE Gajim
NVD
EPSS 0% CVSS 3.3
LOW Monitor

src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Gajim
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy