Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Igniterealtime Subscribe
Filtered by product Smack
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-0364 1 Igniterealtime 1 Smack 2021-02-23 5.0 MEDIUM N/A
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.
CVE-2016-10027 2 Fedoraproject, Igniterealtime 2 Fedora, Smack 2021-02-23 4.3 MEDIUM 5.9 MEDIUM
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.
CVE-2014-0363 1 Igniterealtime 1 Smack 2021-02-23 5.8 MEDIUM N/A
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.