Summary

Vendor: Gajim
Product: Gajim
Version: 0.13.1
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

Detail

First view: 2012-08-28
Last view: 2022-09-27
Type: Application

CPE Product: cpe:2.3:a:gajim:gajim

Related : CVE

Alert  Date  CVE (description follows)
5.3 2022-09-27 CVE-2022-39835

An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0.

7.5 2021-10-11 CVE-2021-41055

Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID.

4.5 2017-05-27 CVE-2016-10376

Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.

5.4 2016-01-15 CVE-2015-8688

Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.

4.3 2014-02-07 CVE-2012-5524

The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.

7.5 2012-11-23 CVE-2012-2086

SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jid parameter.

6.8 2012-08-28 CVE-2012-2085

The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute.

CWE : Common Weakness Enumeration

% (count)  ID  Name
40% (2) CWE-20 Improper Input Validation
20% (1) CWE-310 Cryptographic Issues
20% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
20% (1) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...

OpenVAS Exploits

Date  Name / File
2012-08-30 Name : Gentoo Security Advisory GLSA 201208-04 (gajim)
File : nvt/glsa_201208_04.nasl
2012-04-30 Name : Debian Security Advisory DSA 2453-1 (gajim)
File : nvt/deb_2453_1.nasl
2012-04-30 Name : Debian Security Advisory DSA 2453-2 (gajim)
File : nvt/deb_2453_2.nasl

Nessus® Vulnerability Scanner

Date  Name / File / Type
2017-08-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3943.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-e6deec5bd0.nasl - Type: ACT_GATHER_INFO
2017-07-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201707-14.nasl - Type: ACT_GATHER_INFO
2017-06-16 Name: The remote Fedora host is missing a security update.
File: fedora_2017-62547837ba.nasl - Type: ACT_GATHER_INFO
2017-06-16 Name: The remote Fedora host is missing a security update.
File: fedora_2017-3c561780c8.nasl - Type: ACT_GATHER_INFO
2017-06-09 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-665.nasl - Type: ACT_GATHER_INFO
2017-05-31 Name: The remote Debian host is missing a security update.
File: debian_DLA-967.nasl - Type: ACT_GATHER_INFO
2017-01-24 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-137.nasl - Type: ACT_GATHER_INFO
2016-12-22 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1502.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2016-c82e5c322c.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2016-838200213e.nasl - Type: ACT_GATHER_INFO
2016-02-09 Name: The remote Debian host is missing a security update.
File: debian_DLA-413.nasl - Type: ACT_GATHER_INFO
2016-01-25 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-29.nasl - Type: ACT_GATHER_INFO
2014-01-07 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201401-02.nasl - Type: ACT_GATHER_INFO
2013-04-01 Name: The remote Fedora host is missing a security update.
File: fedora_2013-4210.nasl - Type: ACT_GATHER_INFO
2013-04-01 Name: The remote Fedora host is missing a security update.
File: fedora_2013-4205.nasl - Type: ACT_GATHER_INFO
2012-08-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201208-04.nasl - Type: ACT_GATHER_INFO
2012-04-17 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2453.nasl - Type: ACT_GATHER_INFO