23 matches found
CLSA-2026-1778769563 python: Fix of 4 CVEs
CVE-2019-9740: reject control characters in HTTP URL paths in httplib.HTTPConnection.putrequest to prevent CRLF header injection - CVE-2019-18348: reject control characters in hostnames in httplib.HTTPConnection.init via a new validatehost helper to prevent CRLF header injection the glibc...
Improper Validation Of Certificate
Apache Thrift is vulnerable to Improper Validation of Certificate. The vulnerability is due to improper validation of certificates against the host name, which allows an attacker to perform man-in-the-middle attacks by presenting a mismatched or malicious certificate...
Tenda W30E 安全漏洞
The Tenda W30E is a router produced by the Chinese company Tenda. The Tenda W30E V2.0 V16.01.0.21 version has a security vulnerability. This vulnerability stems from the improper validation of the hostName parameter in the dopingaction function, which may lead to command injection attacks...
EUVD-2024-48284
Malicious code in bioql PyPI...
CVE-2024-7346
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to b...
CVE-2024-7346
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to b...
CVE-2024-7346
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to b...
CVE-2024-7346 Client connections using default TLS certificates from OpenEdge may bypass TLS host name validation
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to b...
CVE-2024-7346
CVE-2024-7346 affects Progress OpenEdge: using the installed default TLS certificates allows bypassing host-name validation during TLS handshakes in network connections. The issue is fixed by requiring CA-signed certificates that contain sufficient information to support host-name validation; def...
CVE-2024-7346 Client connections using default TLS certificates from OpenEdge may bypass TLS host name validation
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to b...
PT-2024-38279 · Progress · Openedge
Name of the Vulnerable Software and Affected Versions: OpenEdge affected versions not specified Description: The issue concerns the bypassing of host name validation for TLS certificates when using the installed OpenEdge default certificates to perform the TLS handshake for a networked connection...
Medium: c-ares
Issue Overview: A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and...
Palantir 信任管理问题漏洞
Palantir is a data platform from Palantir, Inc. that reimagines how people use data by removing the barriers between back-end data management and front-end data analysis. A security vulnerability exists in Palantir versions prior to 0.730.0, which stems from the Gotham Chat IRC Helper abusing the...
SUSE CVE-2020-9488
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1...
CVE-2022-32156
In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface CLI did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI...
c-ares: Missing input validation of host names may lead to domain hijacking
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as we...
CVE-2021-32019
There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP...
mailman: Cross-site scripting vulnerability allows malicious listowners to inject scripts into listinfo pages
A cross-site scripting vulnerability XSS has been discovered in mailman due to the hostname field not being properly validated. A malicious list owner could use this flaw to create a specially crafted list and inject client-side scripts...
CVE-2017-7513
It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate...
cURL/libcURL 7.x < 7.33.0 Host Name Validation Bypass
Binary data 9979.prm...