6.4
CVE-2011-1000
- EPSS 2.9%
- Veröffentlicht 19.02.2011 01:00:03
- Zuletzt bearbeitet 16.06.2026 23:28:31
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Freedesktop ≫ Telepathy Gabble Version0.11
Freedesktop ≫ Telepathy Gabble Version0.11.1
Freedesktop ≫ Telepathy Gabble Version0.11.2
Freedesktop ≫ Telepathy Gabble Version0.11.3
Freedesktop ≫ Telepathy Gabble Version0.11.4
Freedesktop ≫ Telepathy Gabble Version0.11.5
Freedesktop ≫ Telepathy Gabble Version0.11.6
Freedesktop ≫ Telepathy Gabble Version0.10
Freedesktop ≫ Telepathy Gabble Version0.10.1
Freedesktop ≫ Telepathy Gabble Version0.10.2
Freedesktop ≫ Telepathy Gabble Version0.10.3
Freedesktop ≫ Telepathy Gabble Version0.10.4
Freedesktop ≫ Telepathy Gabble Version0.8
Freedesktop ≫ Telepathy Gabble Version0.8.1
Freedesktop ≫ Telepathy Gabble Version0.8.2
Freedesktop ≫ Telepathy Gabble Version0.8.3
Freedesktop ≫ Telepathy Gabble Version0.8.4
Freedesktop ≫ Telepathy Gabble Version0.8.5
Freedesktop ≫ Telepathy Gabble Version0.8.6
Freedesktop ≫ Telepathy Gabble Version0.8.7
Freedesktop ≫ Telepathy Gabble Version0.8.8
Freedesktop ≫ Telepathy Gabble Version0.8.9
Freedesktop ≫ Telepathy Gabble Version0.8.10
Freedesktop ≫ Telepathy Gabble Version0.8.11
Freedesktop ≫ Telepathy Gabble Version0.8.12
Freedesktop ≫ Telepathy Gabble Version0.8.13
Freedesktop ≫ Telepathy Gabble Version0.8.14
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.9% | 0.851 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054324.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054409.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054575.html
http://secunia.com/advisories/43316
http://secunia.com/advisories/43369
http://secunia.com/advisories/43404
http://secunia.com/advisories/43485
http://secunia.com/advisories/43545
http://secunia.com/advisories/44023
http://www.debian.org/security/2011/dsa-2169
http://www.openwall.com/lists/oss-security/2011/02/17/4
http://www.openwall.com/lists/oss-security/2011/02/17/7
http://www.securityfocus.com/bid/46440
http://www.ubuntu.com/usn/USN-1067-1
http://www.vupen.com/english/advisories/2011/0412
http://www.vupen.com/english/advisories/2011/0428
http://www.vupen.com/english/advisories/2011/0537
http://www.vupen.com/english/advisories/2011/0572
http://www.vupen.com/english/advisories/2011/0901
https://bugs.freedesktop.org/show_bug.cgi?id=34048
https://exchange.xforce.ibmcloud.com/vulnerabilities/65523
https://hermes.opensuse.org/messages/7848248