Debian Dino-Im vulnerabilities

5 known vulnerabilities affecting debian/dino-im.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2023-28686HIGHCVSS 7.1fixed in dino-im 0.4.2-1 (bookworm)2023
CVE-2023-28686 [HIGH] CVE-2023-28686: dino-im - Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers t... Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information. Scope: local bookworm: resolved (fixed in 0.4.2-1) bullseye: resolv
debian
CVE-2021-33896MEDIUMCVSS 5.3fixed in dino-im 0.2.0-3 (bookworm)2021
CVE-2021-33896 [MEDIUM] CVE-2021-33896: dino-im - Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for cr... Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators. Scope: local bookworm: resolved (fixed in 0.2.0-3) bullseye: resolved (fixed in 0.2.0-3) forky: resolved (fixed in 0.2.0-3) sid: resolved (fixed in 0.2.0-3) trixie: resolved (fixed in 0.2.0-3)
debian
CVE-2019-16236HIGHCVSS 7.5fixed in dino-im 0.0.git20190911.2a70a4e-1 (bookworm)2019
CVE-2019-16236 [HIGH] CVE-2019-16236: dino-im - Dino before 2019-09-10 does not check roster push authorization in module/roster... Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala. Scope: local bookworm: resolved (fixed in 0.0.git20190911.2a70a4e-1) bullseye: resolved (fixed in 0.0.git20190911.2a70a4e-1) forky: resolved (fixed in 0.0.git20190911.2a70a4e-1) sid: resolved (fixed in 0.0.git20190911.2a70a4e-1) trixie: resolved (fixed in 0.0.git20190911.2a
debian
CVE-2019-16237HIGHCVSS 7.5fixed in dino-im 0.0.git20190911.2a70a4e-1 (bookworm)2019
CVE-2019-16237 [HIGH] CVE-2019-16237: dino-im - Dino before 2019-09-10 does not properly check the source of an MAM message in m... Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala. Scope: local bookworm: resolved (fixed in 0.0.git20190911.2a70a4e-1) bullseye: resolved (fixed in 0.0.git20190911.2a70a4e-1) forky: resolved (fixed in 0.0.git20190911.2a70a4e-1) sid: resolved (fixed in 0.0.git20190911.2a70a4e-1) trixie: res
debian
CVE-2019-16235HIGHCVSS 7.5fixed in dino-im 0.0.git20190911.2a70a4e-1 (bookworm)2019
CVE-2019-16235 [HIGH] CVE-2019-16235: dino-im - Dino before 2019-09-10 does not properly check the source of a carbons message i... Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala. Scope: local bookworm: resolved (fixed in 0.0.git20190911.2a70a4e-1) bullseye: resolved (fixed in 0.0.git20190911.2a70a4e-1) forky: resolved (fixed in 0.0.git20190911.2a70a4e-1) sid: resolved (fixed in 0.0.git20190911.2a70a4e-1) trixie: resolved (f
debian