12 matches found
Apache Thrift Security Vulnerability
Apache Thrift is a framework for cross-platform development developed by the Apache Foundation in the United States. Versions of Apache Thrift prior to 0.23.0 contained a security vulnerability, which was caused by improper validation of certificate-hostname mismatches...
CVE-2026-24932
The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improperly validated TLS/SSL certificate allows a remote attacker to intercept the communication and perform a Man-in-the-Middle (MitM) attack, whi...
EUVD-2022-0279
Malicious code in bioql PyPI...
JRuby-OpenSSL Security Vulnerability
JRuby-OpenSSL is an add-on gem for JRuby from the JRuby team. A security vulnerability exists in JRuby-OpenSSL versions prior to 0.12.1 through 0.15.4, which stems from insufficient certificate hostname validation and could lead to a man-in-the-middle attack...
CVE-2024-35299
In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation...
GHSA-Q6CQ-M9GM-6Q2F Slixmpp lacks SSL Certificate hostname validation in XMLStream
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...
PYSEC-2022-43013
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...
Updated python-slixmpp packages fix security vulnerability
Fixes missing certificate hostname validation...
OPENSUSE-SU-2022:10242-1 Security update for python-slixmpp
This update for python-slixmpp fixes the following issues: - CVE-2022-45197: Fixed certificate hostname validation (boo#1205433)...
GHSA-5JC8-8XHV-G8QM Improper Input Validation in XFire
Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof...
DEBIAN-CVE-2016-7075
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate...
PT-2012-6129 · Codehaus · Xfire
Name of the Vulnerable Software and Affected Versions: Codehaus XFire versions 1.2.6 and earlier Description: The issue allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate because it does not verify that the server hostname matches a domain name in the...