Latest Prosody Vulnerabilities

It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in ...
Prosody Prosody<0.11.12
redhat/prosody<0.11.12
muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common con...
Prosody Prosody>=0.11.0<=0.11.9
An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use o...
debian/prosody
Prosody Prosody<0.11.9
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=32
Fedoraproject Fedora=33
and 1 more
Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests.
debian/prosody
Prosody Prosody<0.11.9
Debian Debian Linux=10.0
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Fedoraproject Fedora=34
An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a ...
debian/prosody
Prosody Prosody<0.11.9
Lua Lua>=5.2.0
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Fedoraproject Fedora=34
and 1 more
An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3...
debian/prosody
Prosody Prosody<0.11.9
Lua Lua=5.2.0
Lua Lua=5.3.0
Debian Debian Linux=10.0
Fedoraproject Fedora=32
and 2 more
An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not cor...
debian/prosody
Prosody Prosody>=0.10.0<0.11.9
Debian Debian Linux=10.0
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Prosody before versions 0.10.2 and 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. ...
Prosody Prosody<0.9.14
Prosody Prosody=0.10.0
Prosody Prosody=0.10.1
debian/prosody

© 2024 SecAlerts Pty Ltd.