Vulnerabilities > Mcabber

DATE CVE VULNERABILITY TITLE RISK
2020-02-06 CVE-2016-9928 Improper Privilege Management vulnerability in multiple products
MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets.
network
high complexity
mcabber canonical debian CWE-269
7.4
2017-02-09 CVE-2017-5604 Origin Validation Error vulnerability in Mcabber
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display.
network
high complexity
mcabber CWE-346
5.9