EUVD-2022-0279

Malicious code in bioql PyPI...

FreeBSD : Slixmpp -- Lack of SSL Certificate hostname validation in XMLStream (f9cfdb00-7f43-11ef-9b27-592d55dd336d)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f9cfdb00-7f43-11ef-9b27-592d55dd336d advisory. NIST reports: Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an...

GLSA-202305-07 : slixmpp: Insufficient Certificate Validation

The remote host is affected by the vulnerability described in GLSA-202305-07 slixmpp: Insufficient Certificate Validation - Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp. CVE-2022-45197 Note that Ness...

SUSE CVE-2022-45197

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...

GHSA-Q6CQ-M9GM-6Q2F Slixmpp lacks SSL Certificate hostname validation in XMLStream

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...

Slixmpp lacks SSL Certificate hostname validation in XMLStream

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...

CVE-2022-45197

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...

DEBIAN-CVE-2022-45197

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...

PYSEC-2022-43013

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...

Input validation

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...

CVE-2022-45197

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...

CVE-2022-45197

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...

py-slixmpp -- incomplete SSL certificate validation

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...

CVE-2022-45197

Summary: CVE-2022-45197 affects Slixmpp prior to 1.8.3, which lacks hostname validation for SSL certificates in XMLStream, enabling an attacker to impersonate a server. This is a High-severity, network-based issue with no user interaction required. What’s affected: Slixmpp (Python XMPP library) b...

Slixmpp -- Lack of SSL Certificate hostname validation in XMLStream

NIST reports: Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...

openSUSE 15 Security Update : python-slixmpp (openSUSE-SU-2022:10242-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2022:10242-1 advisory. - Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...

PT-2022-27427 · Slixmpp +1 · Slixmpp +1

Name of the Vulnerable Software and Affected Versions: Slixmpp versions prior to 1.8.3 Description: The issue lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp. Recommendations: For versions prior to 1.8.3, update to version...

In words.protocols.jabber.xmlstream in Twisted through 19.2.1 XMPP support did not verify certificates when used with TLS allowing an attacker to MITM connections.

...

DEBIAN-CVE-2019-12855

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections...

PT-2018-3492 · Twisted Matrix Laboratories +3 · Twisted +3

Name of the Vulnerable Software and Affected Versions: Twisted versions through 19.2.1 Description: The issue is related to the XMPP support in the words.protocols.jabber.xmlstream module of the Twisted network framework, which did not verify certificates when used with TLS. This allows an attack...