38 matches found
EUVD-2016-5454
Malware in sbrugna...
EUVD-2018-0790
Malware in sbrugna...
EUVD-2018-0588
Malware in sbrugna...
EUVD-2022-2590
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-2166
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 1 proton.reactor.Connector, 2 proton.reactor.Container, and 3 proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an...
SUSE CVE-2016-2166
The 1 proton.reactor.Connector, 2 proton.reactor.Container, and 3 proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain...
Withdrawn Advisory: Improper Certificate Validation in Apache Qpid Proton
Withdrawn Advisory This advisory has been withdrawn because the vulnerability only affects the Qpid Proton C library and not org.apache.qpid:proton-j. This link has been maintained to preserve external references. Original Description While investigating bug PROTON-2014, we discovered that under...
Improper TLS Certificate Validation
Apache Qpid Proton is vulnerable to man-in-the-middle MitM attacks. A remote attacker is able to intercept TLS traffic as the application provides anonymous ciphers to authenticate a client regardless of the client's configuration to verify the server's certificate or hostname. The vulnerability ...
CVE-2019-0223
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 C library and its language bindings can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before...
CVE-2019-0223
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 C library and its language bindings can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before...
Code injection
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 C library and its language bindings can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before...
CVE-2019-0223
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 C library and its language bindings can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before...
CVE-2019-0223
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 C library and its language bindings can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before...
CVE-2019-0223
CVE-2019-0223 concerns Apache Qpid Proton (C library and bindings) versions 0.9–0.27.0. Under TLS with OpenSSL versions before 1.1.0, a peer could be connected anonymously even when peer cert verification is configured, enabling a potential undetected man-in-the-middle attack if TLS traffic is in...
CVE-2019-0223
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 C library and its language bindings can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before...
PT-2019-2586 · Apache +1 · Apache Qpid Proton +1
Name of the Vulnerable Software and Affected Versions: Apache Qpid Proton versions 0.9 through 0.27.0 Description: The issue is related to errors in the certificate authentication procedure, allowing a remote attacker to implement a man-in-the-middle attack and intercept TLS traffic by anonymousl...
GHSA-XVCH-R4WF-H8W9 Improper Certificate Validation in proton-j
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...
CVE-2018-17187
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...
Default configuration
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...
CVE-2018-17187
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...