91 matches found
EUVD-2019-0130
Malware in sbrugna...
EUVD-2022-0279
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-1000021
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin Persistent Storage ...
Linux Distros Unpatched Vulnerability : CVE-2017-5591
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An incorrect implementation of XEP-0280: Message Carbons in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the...
Linux Distros Unpatched Vulnerability : CVE-2022-45197
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp. CVE-2022-45197...
python311-slixmpp-1.8.6-1.1 on GA media (moderate)
python311-slixmpp-1.8.6-1.1 on GA media Announcement ID: openSUSE-SU-2025:14628-1 Rating: moderate Cross-References: CVE-2022-45197 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
FreeBSD : Slixmpp -- Lack of SSL Certificate hostname validation in XMLStream (f9cfdb00-7f43-11ef-9b27-592d55dd336d)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f9cfdb00-7f43-11ef-9b27-592d55dd336d advisory. NIST reports: Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an...
SUSE CVE-2019-1000021
slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin Persistent Storage of Private Data via PubSub options profile, used for the configuration of default access model that can result in all of the contacts of...
OPENSUSE-SU-2024:14165-1 python310-slixmpp-1.8.5-1.2 on GA media
These are all security issues fixed in the python310-slixmpp-1.8.5-1.2 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11274-1 python36-slixmpp-1.5.2-1.9 on GA media
These are all security issues fixed in the python36-slixmpp-1.5.2-1.9 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12551-1 python310-slixmpp-1.8.3-1.1 on GA media
These are all security issues fixed in the python310-slixmpp-1.8.3-1.1 package on the GA media of openSUSE Tumbleweed...
slixmpp: Insufficient Certificate Validation
Background slixmpp is a Python 3 library for XMPP. Description slixmpp does not validate hostnames in certificates used by connected servers. Impact An attacker could perform a man-in-the-middle attack on users' connections to servers with slixmpp. Workaround There is no known workaround at this...
GLSA-202305-07 : slixmpp: Insufficient Certificate Validation
The remote host is affected by the vulnerability described in GLSA-202305-07 slixmpp: Insufficient Certificate Validation - Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp. CVE-2022-45197 Note that Ness...
FreeBSD : py-slixmpp -- incomplete SSL certificate validation (93db4f92-9997-4f4f-8614-3963d9e2b0ec)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 93db4f92-9997-4f4f-8614-3963d9e2b0ec advisory. - Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to...
SUSE CVE-2017-5591
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and...
SUSE CVE-2022-45197
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...
GHSA-Q6CQ-M9GM-6Q2F Slixmpp lacks SSL Certificate hostname validation in XMLStream
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...
Slixmpp lacks SSL Certificate hostname validation in XMLStream
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...
CVE-2022-45197
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...
DEBIAN-CVE-2022-45197
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...