Количество 10
Количество 10
GHSA-4hw8-r3fw-2q2x
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968.
CVE-2022-26491
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968.
CVE-2022-26491
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968.
CVE-2022-26491
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968.
CVE-2022-26491
An issue was discovered in Pidgin before 2.14.9. A remote attacker who ...
SUSE-SU-2022:1693-1
Security update for pidgin
SUSE-SU-2022:1665-1
Security update for pidgin
SUSE-SU-2022:1664-1
Security update for pidgin
ROS-20250326-01
Уязвимость pidgin
BDU:2025-03801
Уязвимость системы мгновенного обмена сообщениями Pidgin, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю получить контроль над соединением XMPP, учетные данные пользователя и содержимое сообщений
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-4hw8-r3fw-2q2x An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968. | CVSS3: 5.9 | 1% Низкий | больше 3 лет назад |
 | CVE-2022-26491 An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968. | CVSS3: 5.9 | 1% Низкий | больше 3 лет назад |
 | CVE-2022-26491 An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968. | CVSS3: 6.4 | 1% Низкий | больше 3 лет назад |
 | CVE-2022-26491 An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968. | CVSS3: 5.9 | 1% Низкий | больше 3 лет назад |
| CVE-2022-26491 An issue was discovered in Pidgin before 2.14.9. A remote attacker who ... | CVSS3: 5.9 | 1% Низкий | больше 3 лет назад |
 | SUSE-SU-2022:1693-1 Security update for pidgin | 1% Низкий | больше 3 лет назад | |
| SUSE-SU-2022:1665-1 Security update for pidgin | 1% Низкий | больше 3 лет назад | |
| SUSE-SU-2022:1664-1 Security update for pidgin | 1% Низкий | больше 3 лет назад | |
 | ROS-20250326-01 Уязвимость pidgin | CVSS3: 5.9 | 1% Низкий | 6 месяцев назад |
 | BDU:2025-03801 Уязвимость системы мгновенного обмена сообщениями Pidgin, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю получить контроль над соединением XMPP, учетные данные пользователя и содержимое сообщений | CVSS3: 6.4 | 1% Низкий | больше 3 лет назад |
Уязвимостей на страницу