MQTT does not validate hostnames

A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle MITM attack...

CVE-2025-12790

A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle MITM attack. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...

PT-2024-27243 · Unknown · Ada Web Server

Name of the Vulnerable Software and Affected Versions: Ada Web Server version 20.0 Description: An issue was discovered in Ada Web Server when configured to use SSL, which is not the default setting. The SSL/TLS used to establish connections to external services is done without proper hostname...

CVE-2023-32993

Jenkins SAML Single Sign OnSSO Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections...

CVE-2022-41244

Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections...

DEBIAN-CVE-2018-21029

systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication SNI is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname...