| CVE-2021-37601 |
AVG-2237 |
Medium |
Yes |
Information disclosure |
It was discovered that Prosody 0.11.0 up to 0.11.9 exposes the list of entities (Jabber/XMPP addresses) affiliated (part of) a Multi-User chat to any user,... |
| CVE-2021-32921 |
AVG-1955 |
Medium |
Yes |
Information disclosure |
A security issue was found in the Prosody.im XMPP server software before version 0.11.9. It was discovered that Prosody does not use a constant-time... |
| CVE-2021-32920 |
AVG-1955 |
Medium |
Yes |
Denial of service |
A security issue was found in the Prosody.im XMPP server software before version 0.11.9. It was discovered that Prosody does not disable SSL/TLS... |
| CVE-2021-32919 |
AVG-1955 |
Medium |
Yes |
Authentication bypass |
A security issue was found in the Prosody.im XMPP server software before version 0.11.9. The undocumented option ‘dialback_without_dialback’ enabled an... |
| CVE-2021-32918 |
AVG-1955 |
High |
Yes |
Denial of service |
A security issue was found in the Prosody.im XMPP server software before version 0.11.9. It was discovered that default settings leave Prosody susceptible... |
| CVE-2021-32917 |
AVG-1955 |
Medium |
Yes |
Insufficient validation |
A security issue was found in the Prosody.im XMPP server software before version 0.11.9. mod_proxy65 is a file transfer proxy provided with Prosody to... |