82 matches found
SUSE CVE-2026-50010
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...
EUVD-2026-36465
Netty: Wrapping plain trust manager silently disables hostname verification...
GHSA-C653-97M9-RCG9 Netty: Wrapping plain trust manager silently disables hostname verification
SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends X509ExtendedTrustManager but implements the 3-arg checkServerTrustedchain, authType, SSLEngine by discarding the SSLEngine and calling the 2-a...
Netty: Wrapping plain trust manager silently disables hostname verification
SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends X509ExtendedTrustManager but implements the 3-arg checkServerTrustedchain, authType, SSLEngine by discarding the SSLEngine and calling the 2-a...
CVE-2026-50010
A flaw was found in Netty, a network application framework. This vulnerability allows a remote attacker to bypass hostname verification due to improper handling of user-supplied trust managers. When a client is configured with a plain X.509 Trust Manager X509TrustManager, it fails to perform...
CVE-2026-50010
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...
UBUNTU-CVE-2026-50010
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...
CVE-2026-50010 Netty's wrapping plain trust manager silently disables hostname verification
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...
CVE-2026-50010 Netty's wrapping plain trust manager silently disables hostname verification
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends...
CVE-2026-50010
Netty CVE-2026-50010 affects 4.1.135.Final and 4.2.15.Final. When using SimpleTrustManagerFactory.engineGetTrustManagers(), a user-supplied plain X509TrustManager is wrapped in X509TrustManagerWrapper. This wrapper makes the trust manager appear as X509ExtendedTrustManager but implements checkSer...
CVE-2026-41714 In Spring AMQP the RabbitConnectionFactoryBean.setUri("amqps://...") bypasses secure SSL setup, uses TrustEverythingTrustManager
Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri"amqps://..." without also calling setUseSSLtrue get TLS encryption with no certificate validation and no hostname verification. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1....
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: eclipse-ecf (UTSA-2026-016602)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016602 advisory. The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate...
Apache Storm Prometheus Reporter vulnerable to Improper Certificate Validation via Global SSL Context Downgrade
Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description: In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skiptlsvalidation by default it is...
CVE-2026-40557 Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables it for all other connections
Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description: In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skiptlsvalidation by default it is...
Apache ZooKeeper: Apache ZooKeeper: Impersonation of servers or clients via reverse DNS spoofing
A flaw was found in Apache ZooKeeper. The ZKTrustManager component's hostname verification process can fall back to reverse DNS PTR lookup when IP Subject Alternative Name SAN validation fails. This vulnerability allows an attacker who can control or spoof PTR records to impersonate ZooKeeper...
CLEANSTART-2026-CF62516 Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper s...
Multiple security vulnerabilities affect the kserve-modelmesh package. Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid...
CLEANSTART-2026-EZ90321 Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper s...
Multiple security vulnerabilities affect the kserve-modelmesh package. Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid...
BIT-ZOOKEEPER-2026-24281 Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager
Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...
CLEANSTART-2026-ZV38826 Within HostnameError
Security vulnerability affects the trust-manager package. Within HostnameError...
CLEANSTART-2026-MO83449 Within HostnameError
Security vulnerability affects the trust-manager package. Within HostnameError...