8 results (0.002 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption. ejabberd anterior a 2.1.13 no fuerza la configuración starttls_required cuando se utiliza la compresión, lo que causa que clientes establezcan conexiones sin codificación. • http://advisories.mageia.org/MGASA-2014-0417.html http://mail.jabber.org/pipermail/operators/2014-October/002438.html http://seclists.org/oss-sec/2014/q4/312 http://www.mandriva.com/security/advisories?name=MDVSA-2014:207 http://www.mandriva.com/security/advisories?name=MDVSA-2015:175 http://www.securityfocus.com/bid/70415 https://bugzilla.redhat.com/show_bug.cgi?id=1153839 https://github.com/processone/ejabberd/commit/7bdc1151b • CWE-310: Cryptographic Issues •

CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 0

The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack. El controlador TLS en ejabberd anterior a 2.1.12 soporta (1) SSLv2 y (2) cifradores SSL débiles, lo que hace más fácil para atacantes remotos obtener información sensible a través de un ataque de fuerza bruta. • http://www.debian.org/security/2013/dsa-2775 https://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.12 • CWE-310: Cryptographic Issues •

CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0

The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute. El módulo de mod_pubsub (mod_pubsub.erl) en ejabberd v2.1.8 y v3.0.0-alpha-3 permite a usuarios remotos autenticados provocar una denegación de servicio (bucle infinito) a través de una estrofa con una etiqueta de publicación que carece de un atributo de nodo. • http://secunia.com/advisories/46915 http://www.openwall.com/lists/oss-security/2011/11/19/1 http://www.openwall.com/lists/oss-security/2011/11/19/2 http://www.osvdb.org/77302 http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.9 https://support.process-one.net/browse/EJAB-1498 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 6%CPEs: 34EXPL: 0

expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. expat_erl.c en ejabberd v2.1.7 y v3.x antes de v3.0.0-alpha-3, y exmpp antes de v0.9.7, no detecta correctamente la recursividad durante la expansión de la entidad, lo que permite a atacantes remotos provocar una denegación de servicio ( la memoria y el consumo de CPU ) a través de un documento XML manipulado que contiene un gran número de referencias a entidades anidadas, un problema similar a CVE-2003-1564. • http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062099.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062145.html http://secunia.com/advisories/44765 http://secunia.com/advisories/44807 http://secunia.com/advisories/45120 http://www.debian.org/security/2011/dsa-2248 http://www.ejabberd.im/ejabberd-2.1.7 http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.7 http://www.securityfocus.com/bid/48072 https:/&#x • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 8%CPEs: 22EXPL: 0

ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload. ejabberd_c2s.erl en ejabberd anterior v2.1.3, permite a atacantes remotos provocar una denegación de servicio(caída de demonio) a través de un gran número de mensajes de c2s(también conocido como client2server) que provocan una carga en la cola. • http://secunia.com/advisories/38337 http://secunia.com/advisories/39423 http://www.debian.org/security/2010/dsa-2033 http://www.openwall.com/lists/oss-security/2010/01/29/1 http://www.openwall.com/lists/oss-security/2010/01/29/5 http://www.osvdb.org/62066 http://www.securityfocus.com/bid/38003 http://www.vupen.com/english/advisories/2010/0894 https://exchange.xforce.ibmcloud.com/vulnerabilities/56025 https://support.process-one.net/browse/EJAB-1173 • CWE-20: Improper Input Validation •