Lucene search
K

23 matches found

Snyk
Snyk
added 2026/06/10 12:0 a.m.8 views

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch via missing hostname verification in the auto-configuration. An attacker can impersonate a trusted mail server and intercept or manipulate SMTP communications because hostname...

5CVSS5.3AI score0.00123EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/05 9:31 a.m.11 views

EUVD-2026-27237

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

5.8AI score0.00632EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-41603

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to...

8.2CVSS5.8AI score0.00593EPSS
Exploits0References3
NVD
NVD
added 2026/04/28 10:16 a.m.6 views

CVE-2026-41603

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

8.2CVSS0.00593EPSS
Exploits0References12
AlpineLinux
AlpineLinux
added 2026/04/28 9:19 a.m.6 views

CVE-2026-41603

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

8.2CVSS5.8AI score0.00593EPSS
Exploits0
Snyk
Snyk
added 2026/04/23 12:0 a.m.5 views

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to establishing SSL connections to Cassandra without verifying that the hostname in the server's SSL certificate actually matched the hostname of the server being connected to...

9.8CVSS5.5AI score0.00182EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 10:54 a.m.13 views

Security Bulletin: IBM App Connect for Manufacturing is vulnerable to Improper Validation of Certificate with Host Mismatch due to Apache Log4j Core (CVE-2025-68161)

Summary IBM App Connect for Manufacturing is vulnerable to Improper Validation of Certificate with Host Mismatch due to Apache Log4j Core Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostnam...

6.3CVSS6.5AI score0.00743EPSS
Exploits1Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 12:31 p.m.9 views

Apache Ranger Vulnerable to Improper Validation of Certificate with Host Mismatch

Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

5.3CVSS5.9AI score0.00329EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/02/12 3:56 p.m.6 views

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to the GalaxyFDSClientImpl.createHttpClient function. An attacker can intercept and modify communications by performing a man-in-the-middle attack when TLS hostname verification ...

9.1CVSS5.6AI score0.00184EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/27 3:36 a.m.15 views

Security Bulletin: IBM App Connect for Healthcare is vulnerable to Improper Validation of Certificate with Host Mismatch due to Apache Log4j Core (CVE-2025-68161)

Summary IBM App Connect for Healthcare is vulnerable to Improper Validation of Certificate with Host Mismatch due to Apache Log4j Core. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...

6.3CVSS5.8AI score0.00743EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/15 3:47 p.m.8 views

CVE-2025-25253

An Improper Validation of Certificate with Host Mismatch vulnerability CWE-297 in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow a...

7.5CVSS6.9AI score0.00104EPSS
Exploits1References1
Snyk
Snyk
added 2025/10/14 6:30 p.m.6 views

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch via the parseCommonName method . An attacker can gain unauthorized access or impersonate users by crafting malicious X.509 certificates that bypass hostname validation through...

8.6CVSS6.7AI score0.0067EPSS
Exploits0References2
NVD
NVD
added 2025/10/14 4:15 p.m.17 views

CVE-2025-25253

An Improper Validation of Certificate with Host Mismatch vulnerability CWE-297 in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow a...

7.5CVSS0.00104EPSS
Exploits1References2
CVE
CVE
added 2025/10/14 3:22 p.m.28 views

CVE-2025-25253

CVE-2025-25253 describes improper validation of certificate hostnames in FortiProxy (and FortiOS ZTNA proxy) that could allow an unauthenticated attacker in a man-in-the-middle position to intercept and tamper with connections. Affected products/versions from the provided docs include FortiProxy ...

7.5CVSS6.5AI score0.00104EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/07/22 12:0 a.m.5 views

HotelRunner B2B 安全漏洞

HotelRunner B2B is a software tool for business management and collaboration for the hotel industry from HotelRunner Turkey. A security vulnerability exists in HotelRunner B2B versions prior to 04.06.2025, which stems from improper validation of a certificate host mismatch and could lead to HTTP...

4.6CVSS6.6AI score0.00101EPSS
Exploits0References3
Snyk
Snyk
added 2025/02/18 7:25 p.m.5 views

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch in components/octoprint, which uses custom Octoprint HTTP sessions. The default ssl parameter configuration uses the value False or None, which causes the SSL verification...

8.3CVSS6.8AI score0.00229EPSS
Exploits0References2
OSV
OSV
added 2024/05/14 11:57 a.m.4 views

DEBIAN-CVE-2022-4967

strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch CWE-297. When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be...

6.5CVSS5.2AI score0.00464EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/30 10:5 p.m.41 views

CVE-2023-5909 Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx

KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect...

7.5CVSS7.7AI score0.00442EPSS
Exploits0References1
OSV
OSV
added 2023/07/18 3:15 a.m.4 views

CVE-2023-34143

Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux Device Manager Server, Device Manager Agent, Host Data Collector components allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02...

8.1CVSS5.8AI score0.00203EPSS
Exploits0References1
Prion
Prion
added 2023/02/16 4:15 p.m.18 views

Input validation

Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept...

3.6CVSS6.4AI score0.00258EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder