144 matches found
PYSEC-2021-861
Connections initialized by the AWS IoT Device SDK v2 for Java versions prior to 1.3.3, Python versions prior to 1.5.18, C++ versions prior to 1.12.7 and Node.js versions prior to 1.5.1 did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities CA in...
DEBIAN-CVE-2021-36377
Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation...
Improper Certificate Validation in TweetStream
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...
Improper Certificate Validation in TweetStream
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...
Improper Certificate Validation in twitter-stream
In voloko twitter-stream 0.1.16, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...
Improper Certificate Validation in twitter-stream
In voloko twitter-stream 0.1.16, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...
Debian DLA-2583-1 : activemq security update
Multiple security issues were discovered in activemq, a message broker built around Java Message Service. CVE-2017-15709 When using the OpenWire protocol in activemq, it was found that certain system details such as the OS and kernel version are exposed as plain text. CVE-2018-11775 TLS hostname...
DEBIAN-CVE-2020-24392
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...
Design/Logic Flaw
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...
Voloko Twitter-stream Trust Management Issues Vulnerability
Laust Rud Jacobsen Voloko Twitter-stream is an application from the individual developer Laust Rud Jacobsen in Denmark. It provides a simple Ruby client library for the Twitter-stream API. A vulnerability exists in Voloko Twitter-stream for trust management issues. The vulnerability stems from th...
Security Bulletin: CVE-2018-11775 TLS hostname verification when using the Apache ActiveMQ Client
Summary TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. Vulnerability Details CVEID:...
Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Control Center (CVE-2018-11775)
Summary Apache ActiveMQ Client could allow a remote attacker to conduct a man-in-the-middle attack, caused by a missing TLS hostname verification. An attacker could exploit this vulnerability to launch a man-in-the-middle attack between a Java application using the ActiveMQ client and the ActiveM...
MGASA-2020-0263 Updated axel packages fix security vulnerability
Updated axel package fixes security vulnerability: An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification CVE-2020-13614. The axel package has been updated to version 2.17.8, fixing this issue and other bugs...
UBUNTU-CVE-2020-13645
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate...
Pichi Trust Management Issues Vulnerabilities
Pichi is a rule-based proxy software. A security vulnerability in the boost ASIO wrapper in the net/asio.cpp file in versions prior to Pichi 1.3.0 stems from the program's failure to check for TLS hostnames. No details of the vulnerability are provided at this time...
CVE-2020-13616
The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification...
CVE-2020-13614
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification...
Security Bulletin: Vulnerabilities exist in Watson Explorer Analytical Components and Watson Content Analytics (CVE-2018-8039, CVE-2017-1788)
Summary Security vulnerabilities have been identified in IBM Watson Explorer Analytical Components, Watson Explorer Foundational Components Annotation Administration Console, and IBM Watson Content Analytics. Vulnerability Details CVEID: CVE-2018-8039 DESCRIPTION: Apache CXF could allow a remote...
Man-in-the-Middle (MitM)
Overview em-imap is a gem that allows you to connect to an IMAP4rev1 server in a non-blocking fashion. Affected versions of this package are vulnerable to Man-in-the-Middle MitM. The hostname in a TLS server certificate is not verified. An attacker can assume the identity of a trusted server and...
Security Bulletin: Apache ActiveMQ Client used in IBM Jazz for Service Management could allow a remote attacker to conduct a man-in-the-middle attack (CVE-2018-11775)
Summary Apache ActiveMQ Client used in IBM Jazz for Service Management could allow a remote attacker to conduct a man-in-the-middle attack CVE-2018-11775 Vulnerability Details CVEID: CVE-2018-11775 DESCRIPTION: Apache ActiveMQ Client could allow a remote attacker to conduct a man-in-the-middle...