Known Vulnerabilities for products from Prosody

Listed below are 18 of the newest known vulnerabilities associated with the vendor "Prosody".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
| --- | --- | --- | --- | --- |
| CVE-2022-0217 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-08-26 | 2023-11-07 |
| CVE-2021-37601 | muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members... | 7.5 - HIGH | 2021-07-30 | 2023-11-07 |
| CVE-2021-32921 | An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret stri... | 5.9 - MEDIUM | 2021-05-13 | 2023-11-07 |
| CVE-2021-32920 | Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. | 7.5 - HIGH | 2021-05-13 | 2023-11-07 |
| CVE-2021-32919 | An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables a... | 7.5 - HIGH | 2021-05-13 | 2023-11-07 |
| CVE-2021-32918 | An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-servic... | 7.5 - HIGH | 2021-05-13 | 2023-11-07 |
| CVE-2021-32917 | An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the... | 5.3 - MEDIUM | 2021-05-13 | 2023-11-07 |
| CVE-2020-8086 | The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address pa... | 9.8 - CRITICAL | 2020-01-28 | 2020-02-04 |
| CVE-2018-10847 | prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual hos... | 8.8 - HIGH | 2018-07-30 | 2019-10-09 |
| CVE-2017-18265 | Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility... | 7.5 - HIGH | 2018-05-09 | 2019-10-03 |
| CVE-2016-1232 | The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-s... | 7.5 - HIGH | 2016-01-12 | 2016-06-09 |
| CVE-2016-1231 | Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remot... | 5.9 - MEDIUM | 2016-01-12 | 2016-06-15 |
| CVE-2016-0756 | The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when gen... | 5.3 - MEDIUM | 2016-01-29 | 2016-12-06 |
| CVE-2014-2745 | Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to c... | 7.8 - HIGH | 2014-04-11 | 2014-04-19 |
| CVE-2014-2744 | plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compressio... | 7.8 - HIGH | 2014-04-11 | 2014-04-19 |
| CVE-2011-2532 | The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of ser... | 5 - MEDIUM | 2011-06-22 | 2011-06-28 |
| CVE-2011-2531 | Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which m... | 4.3 - MEDIUM | 2011-06-22 | 2011-06-28 |
| CVE-2011-2205 | Prosody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a den... | 5 - MEDIUM | 2011-06-22 | 2017-08-29 |

Known software with vulnerabilities from Prosody

| Type | Vendor | Product | Version |
| --- | --- | --- | --- |
| Application | Prosody | Mod Auth Ldap | 2020-01-27 |
| Application | Prosody | Mod Auth Ldap2 | 2020-01-27 |
| Application | Prosody | Prosody | 0.1.0 |