Lucene search
K

67 matches found

RedHat Linux
RedHat Linux
added 2021/03/18 1:3 p.m.2 views

rubygem-em-http-request: missing SSL hostname validation allows MITM

A flaw was found in rubygem-em-http-request. The eventmachine library does not verify the hostname in a TLS server certificate which can allow an attacker to perform a man-in-the-middle attack. The highest threat from this vulnerability is to data confidentiality and integrity...

7.4CVSS5.7AI score0.00905EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2021/03/18 12:0 a.m.30 views

RHEL 7 : rubygem-em-http-request (RHSA-2021:0937)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:0937 advisory. EventMachine based, async HTTP Request client. Security Fixes: missing SSL hostname validation allows MITM CVE-2020-13482 For more details about the...

7.4CVSS7.3AI score0.00905EPSS
Exploits1References4
OSV
OSV
added 2021/02/19 11:15 p.m.16 views

CVE-2020-24393

TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...

5.9CVSS6.6AI score
Exploits0References2
NVD
NVD
added 2021/02/19 11:15 p.m.26 views

CVE-2020-24393

TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...

5.9CVSS0.00862EPSS
Exploits1References2
NVD
NVD
added 2021/02/19 11:15 p.m.13 views

CVE-2020-24392

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...

5.9CVSS0.00884EPSS
Exploits1References2
OSV
OSV
added 2021/02/19 11:15 p.m.8 views

CVE-2020-24392

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...

5.9CVSS6.5AI score
Exploits0References2
Prion
Prion
added 2021/02/19 11:15 p.m.13 views

Design/Logic Flaw

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...

4.3CVSS5.5AI score0.00884EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/02/19 11:15 p.m.13 views

Input validation

TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...

4.3CVSS5.5AI score0.00862EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2021/02/19 11:15 p.m.18 views

CVE-2020-24392

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...

5.9CVSS6.2AI score0.00884EPSS
Exploits1References2
OSV
OSV
added 2021/02/19 11:15 p.m.2 views

UBUNTU-CVE-2020-24392

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...

5.9CVSS5.8AI score0.00884EPSS
Exploits1References3
CVE
CVE
added 2021/02/19 10:44 p.m.103 views

CVE-2020-24393

CVE-2020-24393 affects TweetStream 2.6.1. The vulnerability arises from insecure use of the eventmachine library that omits TLS hostname validation, enabling potential man-in-the-middle attacks. Public sources (including Red Hat, OSV, MV sources) reiterate the same description and do not specify ...

5.9CVSS5.7AI score0.00862EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/02/19 10:44 p.m.25 views

CVE-2020-24393

TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...

5.5AI score0.00862EPSS
Exploits1References2
CVE
CVE
added 2021/02/19 10:42 p.m.120 views

CVE-2020-24392

CVE-2020-24392 concerns missing TLS hostname validation in voloko twitter-stream (versions 0.1.10 and 0.1.16 in various advisories), caused by misused eventmachine. This allows a man-in-the-middle attack against users of the library. The vulnerability is described across multiple sources (Red Hat...

5.9CVSS5.7AI score0.00884EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/02/19 10:42 p.m.18 views

CVE-2020-24392

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...

5.5AI score0.00884EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2021/02/19 10:42 p.m.14 views

CVE-2020-24392

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...

5.9CVSS5.5AI score0.00884EPSS
Exploits1
OpenVAS
OpenVAS
added 2021/01/11 12:0 a.m.15 views

Fedora: Security Advisory for rubygem-em-http-request (FEDORA-2020-117f1b67fb)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.4CVSS7.5AI score0.00905EPSS
Exploits1References2
Fedora
Fedora
added 2021/01/07 1:15 a.m.69 views

[SECURITY] Fedora 33 Update: rubygem-em-http-request-1.1.7-1.fc33

EventMachine based, async HTTP Request client...

7.4CVSS0.2AI score0.00905EPSS
Exploits1
Fedora
Fedora
added 2021/01/07 1:14 a.m.65 views

[SECURITY] Fedora 32 Update: rubygem-em-http-request-1.1.7-1.fc32

EventMachine based, async HTTP Request client...

7.4CVSS0.2AI score0.00905EPSS
Exploits1
Veracode
Veracode
added 2020/09/23 12:24 a.m.16 views

Man-in-the-Middle (MitM)

tweetstream is vulnerable to man-in-the-middle MitM. The vulnerability exists through the insecure usage of eventmachine, where it does not perform validation of hostnames, when initiating SSL/TLS connections...

5.9CVSS1.8AI score0.00862EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2020/07/31 6:15 p.m.22 views

CVE-2020-15133

In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connectionstarttls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...

8.7CVSS8AI score0.00914EPSS
Exploits1References2
Rows per page
Query Builder