
188 matches found

CVE
added 2022/09/23 9:25 a.m. · 102 views

CVE-2022-33681

CVE-2022-33681 describes a vulnerability in the Apache Pulsar Java Client and Pulsar Proxy where delayed TLS hostname verification allows a MITM to capture authentication data. Affected software (from the provided docs) includes Apache Pulsar Java Client versions: 2.7.0–2.7.4; 2.8.0–2.8.3; 2.9.0–...

5.9 CVSS · 6.2 AI score · 0.00177 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2022/09/23 9:25 a.m. · 4 views

CVE-2022-33681 Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy makes each client vulnerable to a man-in-the-middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...

5.9 AI score · 0.00177 EPSS
Exploits: 0 · References: 1
Cvelist
added 2022/09/23 9:25 a.m. · 14 views

CVE-2022-33681 Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy makes each client vulnerable to a man-in-the-middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...

6.2 AI score · 0.00177 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2022/09/23 12:0 a.m. · 2 views

PT-2022-21797 · Apache · Apache Pulsar Java Client

Name of the Vulnerable Software and Affected Versions: Apache Pulsar Java Client versions 2.6.4 and earlier; Apache Pulsar Java Client versions 2.7.0 through 2.7.4; Apache Pulsar Java Client versions 2.8.0 through 2.8.3; Apache Pulsar Java Client versions 2.9.0 through 2.9.2; Apache Pulsar Java Clien...

5.9 CVSS · 5.7 AI score · 0.00177 EPSS
Exploits: 0 · References: 7
CNNVD
added 2022/09/23 12:0 a.m. · 1 views

Apache Pulsar Trust Management Issue Vulnerability

Apache Pulsar is a distributed message streaming platform from the Apache Foundation (United States) for cloud environments that combines messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-data-center cross-region data replication...

5.9 CVSS · 6.9 AI score · 0.00177 EPSS
Exploits: 0 · References: 2
IBM Security Bulletins
added 2022/07/07 5:54 p.m. · 28 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to spoofing due to Eclipse Paho (CVE-2019-11777)

Summary: There is a vulnerability in the Eclipse Paho library used by IBM WebSphere Application Server Liberty with the rtcomm-1.0 or rtcommGateway-1.0 feature enabled. This has been addressed. Vulnerability Details: CVEID: CVE-2019-11777. DESCRIPTION: Eclipse Paho Java client could allow a remote...

7.5 CVSS · 0.5 AI score · 0.01278 EPSS
Exploits: 0 · Affected Software: 1
Rockylinux
added 2022/05/17 6:18 a.m. · 9 views

new packages: mariadb-java-client

An update is available for mariadb-java-client. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rock...

2 AI score
Exploits: 0
vulnersOsv
added 2022/05/14 2:57 a.m. · 3 views

com.amazon.aes.webservices.client:ec2-java-client (=20080327), com.cybersource:cybersource-sdk-java (>=6.2.0 <=6.2.1) +83 more potentially affected by CVE-2015-0227 via wss4j:wss4j (>=1.5.0 <=1.5.1)

wss4j:wss4j MAVEN version =1.5.0, =6.2.0, =1.0.12, =9.00.2110.07.220316, =0.0.9, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =0.3.0 - com.github.rapidark:rapid-ark-pretty =0.3.0 - com.github.rapidark:rapid-ark-pretty-demo =0.3.0 - com.github.rapidark:rapid-ark-pretty-demo-keeper =0.3.0 -...

5 CVSS · 6.7 AI score · 0.13872 EPSS
Exploits: 0
RedhatCVE
added 2022/05/04 10:57 p.m. · 96 views

CVE-2021-22573

A flaw was found in Google OAuth Java client's IDToken verifier, where it does not verify if the token is properly signed. This issue could allow an attacker to provide a compromised token with a custom payload that will pass the validation on the client side, allowing access to information outsi...

8.7 CVSS · 3.5 AI score · 0.00055 EPSS
Exploits: 0 · References: 4
Cvelist
added 2022/05/03 3:45 p.m. · 24 views

CVE-2021-22573 Incorrect signature verification on Google-oauth-java-client

The vulnerability is that the IDToken verifier does not verify if the token is properly signed. Signature verification makes sure that the token's payload comes from a valid provider, not from someone else. An attacker can provide a compromised token with a custom payload. The token will pass the validation ...

8.7 CVSS · 8.7 AI score · 0.00055 EPSS
Exploits: 0 · References: 1
CNNVD
added 2022/05/03 12:0 a.m. · 2 views

Google google-oauth-java-client Data Forgery Issue Vulnerability

Google google-oauth-java-client (Google OAuth Client Library for Java) is a Java-based OAuth (Open Authorization) client library from Google, Inc. A security vulnerability exists in Google google-oauth-java-client, which stems from the IDToken authenticator not verifying that tokens are proper...

8.7 CVSS · 7.2 AI score · 0.00055 EPSS
Exploits: 0 · References: 11
NVD
added 2022/04/14 8:15 a.m. · 13 views

CVE-2022-1279

A vulnerability in the encryption implementation of EBICS messages in the open source library ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2...

7.5 CVSS · 0.00079 EPSS
Exploits: 0 · References: 1
Cvelist
added 2022/04/14 7:40 a.m. · 16 views

CVE-2022-1279 Insecure EBICS messages encryption implementation in ebics-java/ebics-java-client could allow an adjacent attacker to decrypt EBICS payloads

A vulnerability in the encryption implementation of EBICS messages in the open source library ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2...

6.5 CVSS · 7.6 AI score · 0.00079 EPSS
Exploits: 0 · References: 1
CNNVD
added 2022/04/14 12:0 a.m. · 2 views

EBICS Java Client Security Vulnerability

EBICS Java Client is an open source EBICS client written in Java. It is used to interact with banks using EBICS (Electronic Banking Internet Communications Standard). A security vulnerability exists in EBICS Java Client versions prior to 1.2, which stems from a problem with the cryptographic implementation of...

7.5 CVSS · 7.3 AI score · 0.00079 EPSS
Exploits: 0 · References: 2
vulnersOsv
added 2022/03/31 6:30 p.m. · 8 views

ai.ylyue:yue-library-webflux (=j11.2.6.0), ca.gc.cyber.ops:assemblyline-java-client (>=1.7 <=1.8) +544 more potentially affected by CVE-2022-22965 via org.springframework.boot:spring-boot-starter-webflux (>=2.6.0 <=2.6.5)

org.springframework.boot:spring-boot-starter-webflux MAVEN version =2.6.0, =1.7, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =0.2.2, =1.1.3, =1.1.3, =3.12.0, =5.1.1-jdk1.8, =5.1.1-jdk1.8, =5.1.2-jdk1.8 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...

9.8 CVSS · 7 AI score · 0.94428 EPSS
Exploits: 99
OSV
added 2022/01/17 8:11 p.m. · 9 views

OPENSUSE-SU-2022:0016-1 Security update for watchman

This update for watchman fixes the following issues: - ship README.suse that explains how to use the template systemd units - add user writable bit for systemd service and socket files - properly handle state directory creation in /run/watchman/$USER-state. The former approach was susceptible to ...

7.8 CVSS · 7.9 AI score · 0.0011 EPSS
Exploits: 0 · References: 4
OSV
added 2021/10/12 5:50 p.m. · 1 views

GHSA-M8WH-MQGF-RR8G Code injection in Kubernetes Java Client

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution...

6.7 CVSS · 7.2 AI score · 0.00116 EPSS
Exploits: 0 · References: 5
OSV
added 2021/10/11 7:15 p.m. · 16 views

CVE-2021-25738

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution...

6.7 CVSS · 6.8 AI score
Exploits: 0 · References: 3
NVD
added 2021/10/11 7:15 p.m. · 16 views

CVE-2021-25738

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution...

6.7 CVSS · 0.00116 EPSS
Exploits: 0 · References: 3
Prion
added 2021/10/11 7:15 p.m. · 18 views

Remote code execution

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution...

4.6 CVSS · 6.9 AI score · 0.00116 EPSS
Exploits: 0 · References: 3 · Affected Software: 1