19 matches found
CVE-2026-24932
The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...
CVE-2020-24393
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...
Apache Log4j 安全漏洞
Apache Log4j is a Java-based open source logging tool from the Apache USA Foundation. A security vulnerability exists in Apache Log4j 2.25.2 and earlier versions, which stems from an unperformed TLS hostname validation and could lead to a man-in-the-middle attack...
EUVD-2021-0687
Malware in sbrugna...
EUVD-2021-0775
Malware in sbrugna...
CVE-2020-24392
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...
Palantir 信任管理问题漏洞
Palantir is a data platform from Palantir, Inc. that reimagines how people use data by removing the barriers between back-end data management and front-end data analysis. A security vulnerability exists in Palantir Sls-logging prior to version 9.51.0 that originates from an unvalidated hostname i...
CVE-2022-32151
The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority CA certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries...
Hardcoded credentials
The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority CA certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries...
CVE-2022-32151
The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority CA certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries...
CVE-2022-32156
In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface CLI did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI...
Mageia: Security Advisory (MGASA-2021-0594)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2021-0594 Updated e2guardian packages fix security vulnerability
e2guardian did not validate TLS hostnames CVE-2021-44273...
Improper Certificate Validation in TweetStream
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...
Improper Certificate Validation in TweetStream
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...
Improper Certificate Validation in twitter-stream
In voloko twitter-stream 0.1.16, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...
DEBIAN-CVE-2020-24392
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...
Design/Logic Flaw
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...
Apache ActiveMQ Security Restriction Bypass Vulnerability
Apache ActiveMQ Client is the United States Apache Apache Software Foundation developed a set of open-source messaging middleware client program , which supports Java messaging services , clustering , Spring Framework and so on. Apache ActiveMQ Client 5.15.6 before the version of a security...