Every CVE whose affected-product data names Gajim, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2012-2086 — CVSS 7.5 (high): SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to…
CVE-2021-41055 — CVSS 7.5 (high): Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction…
CVE-2012-2085 — CVSS 6.8 (medium): The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via…
CVE-2015-8688 — CVSS 5.4 (medium): Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza.
CVE-2022-39835 — CVSS 5.3 (medium): An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were…
CVE-2016-10376 — CVSS 4.5 (medium): Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP…
CVE-2012-5524 — CVSS 4.3 (medium): The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote…
CVE-2012-2093 — CVSS 3.3 (low): src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related…