Prosody 0.10.1

CPE Details

2019-01-29 13h39 +00:00

CPE Name: cpe:2.3:a:prosody:prosody:0.10.1:*:*:*:*:*:*:*

Information

Vendor: prosody
Product: prosody
Version: 0.10.1

Related CVE


| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2022-0217 | 2022-08-26 15h25 +00:00 | It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611). | 7.5 | High |
| CVE-2021-32921 | 2021-05-13 13h14 +00:00 | An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker. | 5.9 | Medium |
| CVE-2021-32920 | 2021-05-13 13h14 +00:00 | Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. | 7.5 | High |
| CVE-2021-32919 | 2021-05-13 13h12 +00:00 | An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another server (when this option is enabled). | 7.5 | High |
| CVE-2021-32918 | 2021-05-13 13h11 +00:00 | An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3. | 7.5 | High |
| CVE-2021-32917 | 2021-05-13 13h10 +00:00 | An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth. | 5.3 | Medium |
| CVE-2018-10847 | 2018-07-30 14h00 +00:00 | prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the same Prosody instance. | 8.8 | High |