Lucene search
+L

144 matches found

PyPA
PyPA
added 2021/11/23 12:15 a.m.12 views

PYSEC-2021-861

Connections initialized by the AWS IoT Device SDK v2 for Java versions prior to 1.3.3, Python versions prior to 1.5.18, C++ versions prior to 1.12.7 and Node.js versions prior to 1.5.1 did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities CA in...

8.8CVSS6.7AI score0.00398EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2021/07/12 1:15 p.m.2 views

DEBIAN-CVE-2021-36377

Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation...

7.5CVSS7.3AI score0.00574EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2021/04/13 3:42 p.m.37 views

Improper Certificate Validation in TweetStream

TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...

5.9CVSS5.7AI score0.00862EPSS
Exploits1References3Affected Software1
RubySec
RubySec
added 2021/04/13 12:0 a.m.14 views

Improper Certificate Validation in TweetStream

TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...

5.9CVSS2.9AI score0.00862EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2021/03/29 4:28 p.m.34 views

Improper Certificate Validation in twitter-stream

In voloko twitter-stream 0.1.16, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...

5.9CVSS5.7AI score0.00884EPSS
Exploits1References4Affected Software1
RubySec
RubySec
added 2021/03/29 12:0 a.m.13 views

Improper Certificate Validation in twitter-stream

In voloko twitter-stream 0.1.16, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...

5.9CVSS4.7AI score0.00884EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2021/03/08 12:0 a.m.49 views

Debian DLA-2583-1 : activemq security update

Multiple security issues were discovered in activemq, a message broker built around Java Message Service. CVE-2017-15709 When using the OpenWire protocol in activemq, it was found that certain system details such as the OS and kernel version are exposed as plain text. CVE-2018-11775 TLS hostname...

7.5CVSS6.4AI score0.23255EPSS
Exploits0References7
OSV
OSV
added 2021/02/19 11:15 p.m.1 views

DEBIAN-CVE-2020-24392

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...

5.9CVSS5.9AI score0.00884EPSS
Exploits1References1
Prion
Prion
added 2021/02/19 11:15 p.m.13 views

Design/Logic Flaw

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...

4.3CVSS5.5AI score0.00884EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/02/19 12:0 a.m.8 views

Voloko Twitter-stream Trust Management Issues Vulnerability

Laust Rud Jacobsen Voloko Twitter-stream is an application from the individual developer Laust Rud Jacobsen in Denmark. It provides a simple Ruby client library for the Twitter-stream API. A vulnerability exists in Voloko Twitter-stream for trust management issues. The vulnerability stems from th...

5.9CVSS6.2AI score0.00884EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/05 7:50 p.m.32 views

Security Bulletin: CVE-2018-11775 TLS hostname verification when using the Apache ActiveMQ Client

Summary TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. Vulnerability Details CVEID:...

7.4CVSS1.8AI score0.0699EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:19 p.m.69 views

Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Control Center (CVE-2018-11775)

Summary Apache ActiveMQ Client could allow a remote attacker to conduct a man-in-the-middle attack, caused by a missing TLS hostname verification. An attacker could exploit this vulnerability to launch a man-in-the-middle attack between a Java application using the ActiveMQ client and the ActiveM...

7.4CVSS1.7AI score0.0699EPSS
Exploits0Affected Software1
OSV
OSV
added 2020/06/15 7:54 a.m.16 views

MGASA-2020-0263 Updated axel packages fix security vulnerability

Updated axel package fixes security vulnerability: An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification CVE-2020-13614. The axel package has been updated to version 2.17.8, fixing this issue and other bugs...

5.9CVSS5.7AI score0.01928EPSS
Exploits1References4
OSV
OSV
added 2020/05/28 12:15 p.m.5 views

UBUNTU-CVE-2020-13645

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate...

6.5CVSS7AI score0.01933EPSS
Exploits1References3
CNVD
CNVD
added 2020/05/27 12:0 a.m.18 views

Pichi Trust Management Issues Vulnerabilities

Pichi is a rule-based proxy software. A security vulnerability in the boost ASIO wrapper in the net/asio.cpp file in versions prior to Pichi 1.3.0 stems from the program's failure to check for TLS hostnames. No details of the vulnerability are provided at this time...

5.9CVSS6.8AI score0.00934EPSS
Exploits0References1
OSV
OSV
added 2020/05/26 11:15 p.m.17 views

CVE-2020-13616

The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification...

5.9CVSS6.9AI score
Exploits0References2
AlpineLinux
AlpineLinux
added 2020/05/26 10:8 p.m.32 views

CVE-2020-13614

An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification...

5.9CVSS5.6AI score0.01928EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/22 8:46 a.m.21 views

Security Bulletin: Vulnerabilities exist in Watson Explorer Analytical Components and Watson Content Analytics (CVE-2018-8039, CVE-2017-1788)

Summary Security vulnerabilities have been identified in IBM Watson Explorer Analytical Components, Watson Explorer Foundational Components Annotation Administration Console, and IBM Watson Content Analytics. Vulnerability Details CVEID: CVE-2018-8039 DESCRIPTION: Apache CXF could allow a remote...

8.1CVSS1AI score0.10348EPSS
Exploits0Affected Software2
Snyk
Snyk
added 2020/05/19 11:17 p.m.2 views

Man-in-the-Middle (MitM)

Overview em-imap is a gem that allows you to connect to an IMAP4rev1 server in a non-blocking fashion. Affected versions of this package are vulnerable to Man-in-the-Middle MitM. The hostname in a TLS server certificate is not verified. An attacker can assume the identity of a trusted server and...

8.2CVSS6.8AI score0.00751EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/28 1:15 a.m.38 views

Security Bulletin: Apache ActiveMQ Client used in IBM Jazz for Service Management could allow a remote attacker to conduct a man-in-the-middle attack (CVE-2018-11775)

Summary Apache ActiveMQ Client used in IBM Jazz for Service Management could allow a remote attacker to conduct a man-in-the-middle attack CVE-2018-11775 Vulnerability Details CVEID: CVE-2018-11775 DESCRIPTION: Apache ActiveMQ Client could allow a remote attacker to conduct a man-in-the-middle...

7.4CVSS3.2AI score0.0699EPSS
Exploits0Affected Software1
Rows per page
Query Builder