1026 matches found
SUSE CVE-2026-50010
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...
EUVD-2026-36465
Netty: Wrapping plain trust manager silently disables hostname verification...
GHSA-C653-97M9-RCG9 Netty: Wrapping plain trust manager silently disables hostname verification
SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends X509ExtendedTrustManager but implements the 3-arg checkServerTrustedchain, authType, SSLEngine by discarding the SSLEngine and calling the 2-a...
Netty: Wrapping plain trust manager silently disables hostname verification
SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends X509ExtendedTrustManager but implements the 3-arg checkServerTrustedchain, authType, SSLEngine by discarding the SSLEngine and calling the 2-a...
CVE-2026-50010
A flaw was found in Netty, a network application framework. This vulnerability allows a remote attacker to bypass hostname verification due to improper handling of user-supplied trust managers. When a client is configured with a plain X.509 Trust Manager X509TrustManager, it fails to perform...
UBUNTU-CVE-2026-50010
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...
CVE-2026-50010
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...
CVE-2026-50010
Netty CVE-2026-50010 affects 4.1.135.Final and 4.2.15.Final. When using SimpleTrustManagerFactory.engineGetTrustManagers(), a user-supplied plain X509TrustManager is wrapped in X509TrustManagerWrapper. This wrapper makes the trust manager appear as X509ExtendedTrustManager but implements checkSer...
CVE-2026-50010 Netty's wrapping plain trust manager silently disables hostname verification
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...
CVE-2026-50010 Netty's wrapping plain trust manager silently disables hostname verification
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...
PT-2026-48902
Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description Netty is a network application framework used for developing protocol servers and clients. The SimpleTrustManagerFactory.engineGetTrustManagers function and...
Linux Distros Unpatched Vulnerability : CVE-2026-50010
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final,...
SAP NetWeaver AS Java Apache Log4j Vulnerability (3726899)
The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a vulnerability in the Apache Log4j library as referenced in SAP Security Note 3726899: - The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...
Security Bulletin: Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager (CVE-2025-68161, CVE-2026-1726)
Summary Security Vulnerabilities have been addressed in IBM Guardium Key Lifecycle Manager Vulnerability Details CVEID:CVE-2026-1726 DESCRIPTION: IBM Security Guardium enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers cou...
CVE-2026-40992
Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected. Affected versions: Spring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4...
CVE-2026-40992 Mail Auto-Configuration Does Not Enable SSL Hostname Verification
Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected. Affected versions: Spring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4...
CVE-2026-40992 Mail Auto-Configuration Does Not Enable SSL Hostname Verification
Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected. Affected versions: Spring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4...
CVE-2026-40992
CVE-2026-40992 concerns Spring Boot's Mail auto-configuration not enabling hostname verification by default. Affected: Spring Boot 4.0.0–4.0.6; 3.5.0–3.5.14; 3.4.0–3.4.16. The issue: hostname verification is not enabled; applications that explicitly set spring.mail.properties.mail.smtp.ssl.checks...
PT-2026-48616
Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected. Affected versions: Spring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4...
VMware Spring Boot 信任管理问题漏洞
VMware Spring Boot is an open-source framework developed by the American company VMware. There are security vulnerabilities related to trust management in versions of VMware Spring Boot 4.0.0 to 4.0.6, 3.5.0 to 3.5.14, and 3.4.0 to 3.4.16. These vulnerabilities stem from the automatic email...