Daniel Gultsch

**Name of the Vulnerable Software and Affected Versions** Dino before 2019-09-10 **Description** The issue is related to insufficient input validation in the /roster/module.vala module of the Dino instant messaging client. This can potentially allow a remote attacker to impact data integrity. **Recommendations** For versions prior to 2019-09-10, update to a version released after 2019-09-10 to resolve the issue. As a temporary workaround, consider restricting access to the /roster/module.vala module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dino before 2019-09-10 **Description** The issue is related to insufficient input validation in the /xep/0280 message carbons.vala module of the Dino instant messaging client. This could allow a remote attacker to impact data integrity. The problem lies in the module's failure to properly check the source of a carbons message. **Recommendations** For versions prior to 2019-09-10, as a temporary workaround, consider disabling the module/xep/0280 message carbons.vala until a patch is available. Restrict access to this module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Converse.js and Inverse.js versions prior to 3.4 **Description** The issue allows remote attackers to obtain sensitive information due to the difficulty in determining whether the safe publication of private data was configured or intended. This could lead to the exposure of private data, such as chatroom bookmarks, which users might expect to be private. **Recommendations** For Converse.js and Inverse.js versions prior to 3.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gajim versions prior to 0.16.5 **Description** The issue allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza. **Recommendations** For versions prior to 0.16.5, update to version 0.16.5 or later to resolve the issue.