FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-18 05:51:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
76d80b33-7211-11e7-998a-08606e47f965	jabberd -- authentication bypass vulnerability SecurityFocus reports: JabberD is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Discovery 2017-07-03 Entry 2017-07-26 jabberd < 2.6.1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867032 http://www.securityfocus.com/bid/99511 CVE-2017-10807
4d1d2f6d-ec94-11e1-8bd8-0022156e8794	jabberd -- domain spoofing in server dialback protocol XMPP Standards Foundation reports: Some implementations of the XMPP Server Dialback protocol (RFC 3920/XEP-0220) have not been checking dialback responses to ensure that validated results are correlated with requests. An attacking server could spoof one or more domains in communicating with a vulnerable server implementation, thereby avoiding the protections built into the Server Dialback protocol. Discovery 2012-08-21 Entry 2012-08-23 jabberd < 2.2.16_2 CVE-2012-3525 http://xmpp.org/resources/security-notices/server-dialback/

VuXML ID

Description

76d80b33-7211-11e7-998a-08606e47f965

jabberd -- authentication bypass vulnerability

SecurityFocus reports:

JabberD is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks.

Discovery 2017-07-03
Entry 2017-07-26
jabberd

< 2.6.1

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867032
http://www.securityfocus.com/bid/99511
CVE-2017-10807

4d1d2f6d-ec94-11e1-8bd8-0022156e8794

jabberd -- domain spoofing in server dialback protocol

XMPP Standards Foundation reports:

Some implementations of the XMPP Server Dialback protocol (RFC 3920/XEP-0220) have not been checking dialback responses to ensure that validated results are correlated with requests.

An attacking server could spoof one or more domains in communicating with a vulnerable server implementation, thereby avoiding the protections built into the Server Dialback protocol.

Discovery 2012-08-21
Entry 2012-08-23
jabberd

< 2.2.16_2

CVE-2012-3525
http://xmpp.org/resources/security-notices/server-dialback/