Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The 'nodeIntegration'...
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
CVSS 5.3 | AI Score 5.3 | EPSS 0.042
CVSS 8.8 | AI Score 8.7 | EPSS 0.009
Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as...
CVSS 9.8 | AI Score 9.6 | EPSS 0.04
Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information...
CVSS 5.3 | AI Score 5.4 | EPSS 0.003
CVSS 6.5 | AI Score 6.6 | EPSS 0.003
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor...
CVSS 9.8 | AI Score 9.4 | EPSS 0.945
CVSS 6.1 | AI Score 6.3 | EPSS 0.004
CVSS 7.3 | AI Score 7.2 | EPSS 0.006
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before...
CVSS 7.4 | AI Score 7 | EPSS 0.002
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with...
CVSS 7.4 | AI Score 7.2 | EPSS 0.001
The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, ...
CVSS 5.9 | AI Score 5.7 | EPSS 0.001
The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to...
CVSS 6.5 | AI Score 6 | EPSS 0.001