11 matches found
AFFiNE.Pro 输入验证错误漏洞
AFFiNE.Pro is an open-source next-generation knowledge base developed by Toeverything. Versions of AFFiNE.Pro prior to 0.26.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from defects in the domain name verification logic of the /redirect-proxy endpoint...
EUVD-2001-1546
Malware in sbrugna...
CVE-2025-7395
A certificate verification error in wolfSSL when building with the WOLFSSLSYSCACERTS and WOLFSSLAPPLENATIVECERTVALIDATION options results in the wolfSSL client failing to properly verify the server certificate's domain name, allowing any certificate issued by a trusted CA to be accepted regardles...
CVE-2001-1568
CMG WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack...
CVE-2001-1569
Openwave WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack...
Moderate: Red Hat Security Advisory: jakarta-commons-httpclient security update
Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...
CVE-2012-5783
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...
CVE-2012-2993
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the 1 POP3, 2 IMAP, or 3 SMTP protocol via an arbitrary valid certificate...
CVE-2012-2993
Microsoft Windows Phone 7 is affected: it does not verify the domain name in the server certificate’s Common Name, enabling MITM spoofing for SSL connections over POP3/IMAP/SMTP with arbitrary valid certificates. Affected software is Windows Phone 7; vulnerable component is certificate CN verific...
Design/Logic Flaw
muttssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
KLA10182 SUI vulnerability in Google Toolbar
Lack of domain name verification was found in Google Toolbar. By exploiting this vulnerability malicious users can spoof domain names. This vulnerability can be exploited remotely via custom button manipulations. Original advisories - Related products Google-Toolbar CVE list CVE-2007-6536 high...