Moparisthebest

**Name of the Vulnerable Software and Affected Versions** Pidgin versions prior to 2.14.9 **Description** A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take control over the XMPP connection and obtain user credentials and all communication content. This issue can be exploited when DNSSEC is not used. **Recommendations** For versions prior to 2.14.9, update to version 2.14.9 or later to resolve the issue. As a temporary workaround, consider enabling DNSSEC to minimize the risk of DNS spoofing. Restrict access to sensitive information and communication content until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Prosody versions prior to 0.11.9 **Description** An issue in Prosody allows remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3. The problem is related to an error in the resource control mechanism, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** For versions prior to 0.11.9, update to version 0.11.9 or later to resolve the issue. As a temporary workaround, consider restricting default settings to prevent memory exhaustion until a patch is applied.