openfire
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | High performance XMPP (Jabber) server. |
| Version | 4.9.1-1 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2624 | 4.6.4-1 | 4.6.5-1 | Critical | Fixed | FS#72975 |
| AVG-15 | 4.0.4-1 | 4.1.0-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-44228 | AVG-2624 | Critical | Yes | Arbitrary code execution | Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI... |
| CVE-2015-7707 | AVG-15 | High | Yes | Privilege escalation | Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit- form.jsp. |
| CVE-2015-6973 | AVG-15 | Medium | Yes | Cross-site request forgery | Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of... |
| CVE-2015-6972 | AVG-15 | Medium | Yes | Cross-site scripting | Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 23 Dec 2016 | ASA-201612-21 | AVG-15 | High | multiple issues |