📦

telepathy_gabble

Vendor: freedesktop

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 2 Total Indexed

Avg. EPSS 0.86% Exploit Prob.

Latest CVE CVE-2013-1769 Jan 21

Security Vulnerability Index

Page 1 / 1

5.0 CVSS

CVE-2013-1769

A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted message.

EPSS: 0.89%

Severity: MEDIUM

Jan 21, 2014

6.8 CVSS

CVE-2013-1431

The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows remote attackers to bypass TLS verification and perform a man-in-the-middle attacks.

EPSS: 0.43%

Severity: MEDIUM

Sep 23, 2013

6.4 CVSS

CVE-2011-1000

jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media.

EPSS: 1.26%

Severity: MEDIUM

Feb 19, 2011

Displaying 3 of 2 Total Entries

Total 1 Sections