Lucene search
K

329 matches found

CVE
CVE
added 2022/04/02 4:36 p.m.114 views

CVE-2022-28352

WeeChat (Wee Enhanced Environment for Chat) versions 3.2–3.4 prior to 3.4.1 are vulnerable: after certain GnuTLS options are changed, WeeChat fails to properly verify the TLS server certificate, enabling MITM attackers to spoof a TLS chat server with an arbitrary certificate. This affects scenari...

4.8CVSS5AI score0.00426EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/04/02 4:36 p.m.19 views

CVE-2022-28352

WeeChat aka Wee Enhanced Environment for Chat 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects...

4.3CVSS6.8AI score0.00426EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/04/02 4:36 p.m.22 views

CVE-2022-28352

WeeChat aka Wee Enhanced Environment for Chat 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects...

4.3CVSS5.4AI score0.00426EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2022/04/02 4:36 p.m.75 views

CVE-2022-28352

WeeChat aka Wee Enhanced Environment for Chat 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects...

4.8CVSS5.4AI score0.00426EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2022/04/02 4:36 p.m.55 views

CVE-2022-28352

WeeChat aka Wee Enhanced Environment for Chat 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects...

4.8CVSS5.1AI score0.00426EPSS
Exploits1
CNNVD
CNNVD
added 2022/04/02 12:0 a.m.5 views

WeeChat 信任管理问题漏洞

WeeChat is a scalable live chat client application. A security vulnerability exists in WeeChat versions 3.2 through 3.4 that stems from not properly validating the server's TLS certificate, which could allow an attacker to spoof a TLS chat server with an arbitrary certificate after certain GnuTLS...

4.8CVSS5.4AI score0.00426EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2022/03/20 12:0 a.m.38 views

openSUSE 15 Security Update : weechat (openSUSE-SU-2022:0083-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0083-1 advisory. - WeeChat before 3.2.1 allows remote attackers to cause a denial of service crash via a crafted WebSocket frame that trigger an out-of-bounds read i...

7.5CVSS7.2AI score0.01594EPSS
Exploits0References4
OSV
OSV
added 2022/03/18 3:1 p.m.5 views

OPENSUSE-SU-2022:0083-1 Security update for weechat

This update for weechat fixes the following issues: update to 3.2.1: CVE-2021-40516: relay: fix crash when decoding a malformed websocket frame boo1190206 update to 3.2 main changes: use XDG directories by default config, data, cache, runtime add support of IRC SASL mechanisms SCRAM-SHA-1,...

7.5CVSS8.1AI score0.01594EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2022/03/18 12:0 a.m.56 views

Security update for weechat (moderate)

openSUSE Security Update: Security update for weechat Announcement ID: openSUSE-SU-2022:0083-1 Rating: moderate References: 1190206 Cross-References: CVE-2021-40516 Affected Products: openSUSE Backports SLE-15-SP3 An update that fixes one vulnerability is now available. Description: This update f...

7.5CVSS6.9AI score0.01594EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/03/16 12:0 a.m.12 views

FreeBSD : Weechat -- Possible man-in-the-middle attack in TLS connection to servers (3ba1ca94-a563-11ec-8be6-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3ba1ca94-a563-11ec-8be6-d4c9ef517024 advisory. - The Weechat project reports: After changing the options weechat.network.gnutlscasystem or...

5.6AI score
Exploits0References2
FreeBSD
FreeBSD
added 2022/03/13 12:0 a.m.11 views

Weechat -- Possible man-in-the-middle attack in TLS connection to servers

The Weechat project reports: After changing the options weechat.network.gnutlscasystem or weechat.network.gnutlscauser, the TLS verification function is lost. Consequently, any connection to a server with TLS is made without verifying the certificate, which could lead to a man-in-the-middle attac...

2AI score
Exploits0References1
OSV
OSV
added 2022/02/04 4:38 p.m.4 views

USN-5258-1 weechat vulnerabilities

Stuart Nevans Locke discovered that WeeChat's relay plugin insecurely handled malformed websocket frames. A remote attacker in control of a server could possibly use this issue to cause denial of service in a client. CVE-2021-40516 Stuart Nevans Locke discovered that WeeChat insecurely handled...

9.8CVSS7.2AI score0.03684EPSS
Exploits1References6
Ubuntu
Ubuntu
added 2022/02/04 4:38 p.m.40 views

USN-5258-1: WeeChat vulnerabilities

Stuart Nevans Locke discovered that WeeChat's relay plugin insecurely handled malformed websocket frames. A remote attacker in control of a server could possibly use this issue to cause denial of service in a client. CVE-2021-40516 Stuart Nevans Locke discovered that WeeChat insecurely handled...

9.8CVSS7.4AI score0.03684EPSS
Exploits1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.22 views

Mageia: Security Advisory (MGASA-2020-0122)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.03684EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.15 views

Mageia: Security Advisory (MGASA-2017-0190)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.03107EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.16 views

Mageia: Security Advisory (MGASA-2021-0466)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.01594EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.15 views

Mageia: Security Advisory (MGASA-2017-0369)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.02836EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.17 views

Mageia: Security Advisory (MGASA-2020-0153)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.8AI score0.02193EPSS
Exploits1References4
Mageia
Mageia
added 2021/10/06 7:41 p.m.35 views

Updated weechat packages fix security vulnerability

A crafted WebSocket frame could result in a crash in the weechat Relay plugin...

7.5CVSS1.5AI score0.01594EPSS
Exploits0References2
OSV
OSV
added 2021/10/06 7:41 p.m.7 views

MGASA-2021-0466 Updated weechat packages fix security vulnerability

A crafted WebSocket frame could result in a crash in the weechat Relay plugin...

7.5CVSS7.8AI score0.01594EPSS
Exploits0References3
Rows per page
Query Builder