VulnerableCode Package Details - pkg:deb/debian/mcabber@0.10.0-1%2Bsqueeze1

Search for packages

Vulnerability	Summary	Fixed by
VCID-d79u-7k2v-4qd4 Aliases: CVE-2016-9928	MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets.	1.0.4-1.1 Affected by 0 other vulnerabilities.
VCID-hdb9-p8sz-tfg9 Aliases: CVE-2017-5604	An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for mcabber 1.0.0 - 1.0.4.	1.0.4-1.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-d79u-7k2v-4qd4
Aliases:
CVE-2016-9928

MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets.

1.0.4-1.1
Affected by 0 other vulnerabilities.

VCID-hdb9-p8sz-tfg9
Aliases:
CVE-2017-5604

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for mcabber 1.0.0 - 1.0.4.

1.0.4-1.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4zzy-q5zp-jkgm	A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.	CVE-2009-3720
VCID-qtav-hqnd-b7fa	A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.	CVE-2009-3560

Vulnerability

Summary

Aliases

VCID-4zzy-q5zp-jkgm

A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.

CVE-2009-3720

VCID-qtav-hqnd-b7fa

CVE-2009-3560

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T19:32:08.550786+00:00	Debian Oval Importer	Affected by	VCID-d79u-7k2v-4qd4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T15:48:15.662514+00:00	Debian Oval Importer	Fixing	VCID-4zzy-q5zp-jkgm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T15:21:31.926033+00:00	Debian Oval Importer	Fixing	VCID-qtav-hqnd-b7fa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T23:52:26.308653+00:00	Debian Oval Importer	Affected by	VCID-hdb9-p8sz-tfg9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T19:14:56.673837+00:00	Debian Oval Importer	Affected by	VCID-d79u-7k2v-4qd4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T15:35:57.238226+00:00	Debian Oval Importer	Fixing	VCID-4zzy-q5zp-jkgm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T15:09:47.114642+00:00	Debian Oval Importer	Fixing	VCID-qtav-hqnd-b7fa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T23:24:23.472566+00:00	Debian Oval Importer	Affected by	VCID-hdb9-p8sz-tfg9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:58:54.379502+00:00	Debian Oval Importer	Affected by	VCID-d79u-7k2v-4qd4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T15:29:58.369923+00:00	Debian Oval Importer	Fixing	VCID-4zzy-q5zp-jkgm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T15:04:52.589190+00:00	Debian Oval Importer	Fixing	VCID-qtav-hqnd-b7fa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0