Vulnerabilities (CVE)

Filtered by vendor Igniterealtime Subscribe
Filtered by product Smack
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-10027 2 Fedoraproject, Igniterealtime 2 Fedora, Smack 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.
CVE-2014-0364 1 Igniterealtime 1 Smack 2024-11-21 5.0 MEDIUM N/A
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.
CVE-2014-0363 1 Igniterealtime 1 Smack 2024-11-21 5.8 MEDIUM N/A
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.