Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-FA99AEC6C60E07FA8E363D5714ADB8A4HistoryFeb 12, 2022 - 12:00 a.m.
TLS certificate validation error
2022-02-1200:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
11
0.001 Low
EPSS
Percentile
34.3%
In mellium.im/xmpp, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.
| CPE | Name | Operator | Version |
|---|---|---|---|
| go/mellium.im/xmpp | lt | 0.21.1 |
Related
cnvd
cnvd
Mellium has unspecified vulnerabilities
2022-02-15 00:00:00
osv
osv
Man-in-the-middle attack due to improper validation of certificate in mellium.im/xmpp
2022-07-29 20:00:14
Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket
2022-02-16 22:56:21
GO-2022-0947
2022-08-22 17:20:29
cvelist
cvelist
CVE-2022-24968
2022-02-11 18:16:54
CVE-2022-26491
2022-05-31 04:25:23
cve
cve
CVE-2022-24968
2022-02-11 22:15:07
CVE-2022-26491
2022-06-02 14:15:40
veracode
veracode
DNS Spoofing
2022-02-17 05:16:34
prion
prion
Design/Logic Flaw
2022-02-11 22:15:00
Design/Logic Flaw
2022-06-02 14:15:00
nvd
nvd
CVE-2022-24968
2022-02-11 22:15:07
CVE-2022-26491
2022-06-02 14:15:40
github
github
nessus
nessus
SUSE SLED15 / SLES15 Security Update : pidgin (SUSE-SU-2022:1693-1)
2022-05-18 00:00:00
EulerOS 2.0 SP5 : pidgin (EulerOS-SA-2022-2277)
2022-08-17 00:00:00
SUSE SLED12 / SLES12 Security Update : pidgin (SUSE-SU-2022:1664-1)
2022-05-17 00:00:00
ubuntucve
ubuntucve
CVE-2022-26491
2022-06-02 00:00:00
alpinelinux
alpinelinux
CVE-2022-26491
2022-06-02 14:15:40
debiancve
debiancve
CVE-2022-26491
2022-06-02 14:15:40
amazon
amazon
Medium: pidgin
2023-07-05 22:01:00
openvas
openvas
Huawei EulerOS: Security Advisory for pidgin (EulerOS-SA-2022-2230)
2022-08-18 00:00:00