
CVE-2022-28352
https://notcve.org/view.php?id=CVE-2022-28352
02 Apr 2022 — WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects situations where weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user is changed without a WeeChat restart. • https://github.com/weechat/weechat/issues/1763 • CWE-295: Improper Certificate Validation

CVE-2021-40516
https://notcve.org/view.php?id=CVE-2021-40516
05 Sep 2021 — WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that triggers an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin. • https://github.com/weechat/weechat/commit/8b1331f98de1714bae15a9ca2e2b393ba49d735b • CWE-125: Out-of-bounds Read