Filtered by vendor Igniterealtime Subscriptions
Filtered by product Smack Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-10027 2 Fedoraproject, Igniterealtime 2 Fedora, Smack 2024-11-21 5.9 Medium
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.
CVE-2014-0364 2 Igniterealtime, Redhat 4 Smack, Jboss Bpms, Jboss Brms and 1 more 2024-11-21 N/A
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.
CVE-2014-0363 2 Igniterealtime, Redhat 4 Smack, Jboss Bpms, Jboss Brms and 1 more 2024-11-21 N/A
The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.