329 matches found
CVE-2022-28352
WeeChat (Wee Enhanced Environment for Chat) versions 3.2–3.4 prior to 3.4.1 are vulnerable: after certain GnuTLS options are changed, WeeChat fails to properly verify the TLS server certificate, enabling MITM attackers to spoof a TLS chat server with an arbitrary certificate. This affects scenari...
CVE-2022-28352
WeeChat aka Wee Enhanced Environment for Chat 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects...
CVE-2022-28352
WeeChat aka Wee Enhanced Environment for Chat 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects...
CVE-2022-28352
WeeChat aka Wee Enhanced Environment for Chat 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects...
CVE-2022-28352
WeeChat aka Wee Enhanced Environment for Chat 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects...
WeeChat 信任管理问题漏洞
WeeChat is a scalable live chat client application. A security vulnerability exists in WeeChat versions 3.2 through 3.4 that stems from not properly validating the server's TLS certificate, which could allow an attacker to spoof a TLS chat server with an arbitrary certificate after certain GnuTLS...
openSUSE 15 Security Update : weechat (openSUSE-SU-2022:0083-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0083-1 advisory. - WeeChat before 3.2.1 allows remote attackers to cause a denial of service crash via a crafted WebSocket frame that trigger an out-of-bounds read i...
OPENSUSE-SU-2022:0083-1 Security update for weechat
This update for weechat fixes the following issues: update to 3.2.1: CVE-2021-40516: relay: fix crash when decoding a malformed websocket frame boo1190206 update to 3.2 main changes: use XDG directories by default config, data, cache, runtime add support of IRC SASL mechanisms SCRAM-SHA-1,...
Security update for weechat (moderate)
openSUSE Security Update: Security update for weechat Announcement ID: openSUSE-SU-2022:0083-1 Rating: moderate References: 1190206 Cross-References: CVE-2021-40516 Affected Products: openSUSE Backports SLE-15-SP3 An update that fixes one vulnerability is now available. Description: This update f...
FreeBSD : Weechat -- Possible man-in-the-middle attack in TLS connection to servers (3ba1ca94-a563-11ec-8be6-d4c9ef517024)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3ba1ca94-a563-11ec-8be6-d4c9ef517024 advisory. - The Weechat project reports: After changing the options weechat.network.gnutlscasystem or...
Weechat -- Possible man-in-the-middle attack in TLS connection to servers
The Weechat project reports: After changing the options weechat.network.gnutlscasystem or weechat.network.gnutlscauser, the TLS verification function is lost. Consequently, any connection to a server with TLS is made without verifying the certificate, which could lead to a man-in-the-middle attac...
USN-5258-1 weechat vulnerabilities
Stuart Nevans Locke discovered that WeeChat's relay plugin insecurely handled malformed websocket frames. A remote attacker in control of a server could possibly use this issue to cause denial of service in a client. CVE-2021-40516 Stuart Nevans Locke discovered that WeeChat insecurely handled...
USN-5258-1: WeeChat vulnerabilities
Stuart Nevans Locke discovered that WeeChat's relay plugin insecurely handled malformed websocket frames. A remote attacker in control of a server could possibly use this issue to cause denial of service in a client. CVE-2021-40516 Stuart Nevans Locke discovered that WeeChat insecurely handled...
Mageia: Security Advisory (MGASA-2020-0122)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2017-0190)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2021-0466)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2017-0369)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2020-0153)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated weechat packages fix security vulnerability
A crafted WebSocket frame could result in a crash in the weechat Relay plugin...
MGASA-2021-0466 Updated weechat packages fix security vulnerability
A crafted WebSocket frame could result in a crash in the weechat Relay plugin...