Lucene search
K

137 matches found

Cvelist
Cvelist
added 2022/12/15 10:17 a.m.48 views

CVE-2022-32531 Apache BookKeeper: Java Client Uses Connection to Host that Failed Hostname Verification

The Apache Bookkeeper Java Client before 4.14.6 and also 4.15.0 does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affects BookKeeper client prior to versions 4.14.6 a...

5.8AI score0.01021EPSS
Exploits0References1
OSV
OSV
added 2022/09/25 12:0 a.m.22 views

GHSA-JVF3-MFXV-JCQR Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation

TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle...

5.9CVSS6.2AI score0.00597EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/09/25 12:0 a.m.20 views

Apache Pulsar Java Client vulnerable to Improper Certificate Validation

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...

5.9CVSS6AI score0.0058EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/09/23 9:25 a.m.29 views

CVE-2022-33682 Disabled Hostname Verification makes Brokers, Proxies vulnerable to MITM attack

TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle...

5.9AI score0.00597EPSS
Exploits0References1
OSV
OSV
added 2022/09/23 9:25 a.m.17 views

CVE-2022-33681 Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...

5.9CVSS6.3AI score0.0058EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/23 12:0 a.m.9 views

PT-2022-21797 · Apache · Apache Pulsar Java Client

Name of the Vulnerable Software and Affected Versions: Apache Pulsar Java Client versions 2.6.4 and earlier Apache Pulsar Java Client versions 2.7.0 through 2.7.4 Apache Pulsar Java Client versions 2.8.0 through 2.8.3 Apache Pulsar Java Client versions 2.9.0 through 2.9.2 Apache Pulsar Java Clien...

5.9CVSS5.7AI score0.0058EPSS
Exploits0References7
OSV
OSV
added 2022/06/15 5:15 p.m.6 views

CVE-2022-32151

The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority CA certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries...

9.1CVSS5.8AI score0.00743EPSS
Exploits0References4
Prion
Prion
added 2022/06/15 5:15 p.m.24 views

Hardcoded credentials

The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority CA certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries...

6.4CVSS9.1AI score0.00743EPSS
Exploits0References4Affected Software2
ATTACKERKB
ATTACKERKB
added 2022/06/14 11:55 a.m.4 views

CVE-2022-32151

The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority CA certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries...

9.1CVSS5.4AI score0.00743EPSS
Exploits0References5Affected Software2
ATTACKERKB
ATTACKERKB
added 2022/06/14 11:55 a.m.3 views

CVE-2022-32156

In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface CLI did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI...

8.1CVSS5.5AI score0.00762EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/22 7:59 p.m.44 views

Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1683, CVE-2018-8039)

Summary WebSphere Application Server is vulnerable to possible man-in-the-middle attacks. This is caused by the failure to encrypt ORB communication or by an Apache CXF vulnerability. Vulnerability Details CVEID: CVE-2018-1683 DESCRIPTION: IBM WebSphere Application Server Liberty could allow a...

8.1CVSS0.5AI score0.10348EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.12 views

Mageia: Security Advisory (MGASA-2021-0594)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.5AI score0.00962EPSS
Exploits1References4
OSV
OSV
added 2021/12/30 4:41 p.m.8 views

MGASA-2021-0594 Updated e2guardian packages fix security vulnerability

e2guardian did not validate TLS hostnames CVE-2021-44273...

7.4CVSS7.4AI score0.00962EPSS
Exploits1References3
PyPA
PyPA
added 2021/11/23 12:15 a.m.12 views

PYSEC-2021-861

Connections initialized by the AWS IoT Device SDK v2 for Java versions prior to 1.3.3, Python versions prior to 1.5.18, C++ versions prior to 1.12.7 and Node.js versions prior to 1.5.1 did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities CA in...

8.8CVSS6.7AI score0.00398EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2021/07/12 1:15 p.m.2 views

DEBIAN-CVE-2021-36377

Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation...

7.5CVSS7.3AI score0.00574EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2021/04/13 3:42 p.m.35 views

Improper Certificate Validation in TweetStream

TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...

5.9CVSS5.7AI score0.00862EPSS
Exploits1References3Affected Software1
RubySec
RubySec
added 2021/04/13 12:0 a.m.14 views

Improper Certificate Validation in TweetStream

TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...

5.9CVSS2.9AI score0.00862EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2021/03/29 4:28 p.m.33 views

Improper Certificate Validation in twitter-stream

In voloko twitter-stream 0.1.16, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...

5.9CVSS5.7AI score0.00884EPSS
Exploits1References4Affected Software1
RubySec
RubySec
added 2021/03/29 12:0 a.m.13 views

Improper Certificate Validation in twitter-stream

In voloko twitter-stream 0.1.16, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...

5.9CVSS4.7AI score0.00884EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2021/03/08 12:0 a.m.48 views

Debian DLA-2583-1 : activemq security update

Multiple security issues were discovered in activemq, a message broker built around Java Message Service. CVE-2017-15709 When using the OpenWire protocol in activemq, it was found that certain system details such as the OS and kernel version are exposed as plain text. CVE-2018-11775 TLS hostname...

7.5CVSS6.4AI score0.23255EPSS
Exploits0References7
Rows per page
Query Builder