83 matches found

IBM Security Bulletins
added 2026/06/19 8:43 a.m. | 6 views

Security Bulletin: Multiple Vulnerabilities affect IBM Decision Optimization for Cloud Pak for Data.

Summary: Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.3.1 patch 6. Vulnerability Details: CVEID: CVE-2026-34477. DESCRIPTION: The fix for CVE-2025-68161 (https://logging.apache.org/security.html#CVE-2025-68161) was incomplete: it addressed hostname...

9.3 CVSS | 6.3 AI score | 0.00831 EPSS
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2026/06/11 7:42 a.m. | 17 views

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities in Eclipse Paho Java client library

Summary: A vulnerability has been identified in Eclipse Paho Java client library, which is used in IBM Engineering Lifecycle Management - Engineering Workflow Management. Vulnerability Details: CVEID: CVE-2019-11777. DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting...

7.5 CVSS | 5.4 AI score | 0.00827 EPSS
Exploits: 0 | Affected Software: 1

Vulnrichment
added 2026/06/02 10:1 p.m. | 9 views

CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...

5.9 AI score | 0.00904 EPSS
Exploits: 0 | References: 4

IBM Security Bulletins
added 2026/05/27 12:26 p.m. | 14 views

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test management is impacted by vulnerabilities in Eclipse Paho Java client library

Summary: A vulnerability has been identified in Eclipse Paho Java client library, which is used in IBM Engineering Lifecycle Management - Engineering Test management. Vulnerability Details: CVEID: CVE-2019-11777. DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting to an...

7.5 CVSS | 6.6 AI score | 0.00827 EPSS
Exploits: 0 | Affected Software: 1

SUSE CVE
added 2026/04/14 11:26 p.m. | 5 views

SUSE CVE-2026-34477

The fix for CVE-2025-68161 (https://logging.apache.org/security.html#CVE-2025-68161) was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName (https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName) system property, but no...

6.5 CVSS | 5.8 AI score | 0.00395 EPSS
Exploits: 0 | References: 4

UbuntuCve
added 2026/04/10 4:16 p.m. | 3 views

CVE-2026-34477

The fix for CVE-2025-68161 (https://logging.apache.org/security.html#CVE-2025-68161) was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName (https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName) system property, but no...

6.3 CVSS | 5.8 AI score | 0.00743 EPSS
Exploits: 1 | References: 6

Positive Technologies
added 2026/04/10 12:0 a.m. | 4 views

PT-2026-31939

Name of the Vulnerable Software and Affected Versions: Apache Log4j Core versions 2.12.0 through 2.25.3. Description: A flaw exists where hostname verification is ignored when configured through the verifyHostName attribute of the '' element. This occurs even if the attribute is explicitly set,...

6.3 CVSS | 5.1 AI score | 0.00395 EPSS
Exploits: 0 | References: 19

SUSE CVE
added 2026/03/17 12:24 a.m. | 2 views

SUSE CVE-2026-32627

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...

8.7 CVSS | 5.6 AI score | 0.00179 EPSS
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2018-0496

Malicious code in bioql PyPI...

7.5 CVSS | 8.8 AI score | 0.213 EPSS
Exploits: 0 | References: 72

EUVD
added 2025/10/03 8:7 p.m. | 28 views

EUVD-2022-5169

Malicious code in bioql PyPI...

6.8 CVSS | 6.7 AI score | 0.00432 EPSS
Exploits: 0 | References: 5

IBM Security Bulletins
added 2025/09/01 2:52 p.m. | 6 views

Security Bulletin: A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, which affects IBM watsonx.data

Summary: A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. These can affect watsonx.data. Vulnerability Details: CVEID: CVE-2025-27820. DESCRIPTION: A bug in PSL validation...

7.5 CVSS | 6.7 AI score | 0.00745 EPSS
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2025/08/30 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-27820

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apach...

7.5 CVSS | 6.9 AI score | 0.00745 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/07/29 12:0 a.m. | 6 views

Atlassian Jira Service Management Data Center and Server 5.12.23 < 5.12.24 / 10.3.x < 10.3.8 / 10.5.x < 10.7.2 (JSDSERVER-16269)

The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16269 advisory. - A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie...

7.5 CVSS | 6.8 AI score | 0.00745 EPSS
Exploits: 0 | References: 2

F5 Networks
added 2025/05/14 6:48 p.m. | 13 views

K000151334: Apache HttpClient vulnerability CVE-2025-27820

Security Advisory Description: A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release (CVE-2025-27820). Impact: There is no impact; F5 products are not...

7.5 CVSS | 6.8 AI score | 0.00745 EPSS
Exploits: 0

IBM Security Bulletins
added 2025/05/09 9:6 a.m. | 10 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team.

Summary: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. This bulletin contains information...

7.5 CVSS | 6.2 AI score | 0.00745 EPSS
Exploits: 0 | Affected Software: 1

Veracode
added 2025/05/05 2:16 a.m. | 10 views

Improper Domain Validation

org.apache.httpcomponents.client5, httpclient5 is vulnerable to improper domain validation. The vulnerability is due to disabled domain checks where a bug in the PSL validation logic, affecting cookie management and host name verification, which allows an attacker to perform cookie injection or...

7.5 CVSS | 7.4 AI score | 0.00745 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

RedhatCVE
added 2025/04/26 12:6 p.m. | 18 views

CVE-2025-27820

A flaw was found in Apache HttpClient. This vulnerability allows unauthorized access or information disclosure via disabled Public Suffix List (PSL) validation, affecting cookie management and hostname verification. Mitigation: Mitigation for this issue is either not available or the currently...

6.5 CVSS | 7.1 AI score | 0.00745 EPSS
Exploits: 0 | References: 8

SUSE CVE
added 2025/04/25 2:14 a.m. | 3 views

SUSE CVE-2025-27820

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...

7.5 CVSS | 7.8 AI score | 0.00745 EPSS
Exploits: 0 | References: 3

Snyk
added 2025/04/24 12:46 p.m. | 5 views

Improper Certificate Validation

Overview: org.apache.httpcomponents.client5:httpclient5 is a HttpClient component of the Apache HttpComponents project. Affected versions of this package are vulnerable to Improper Certificate Validation due to a bug in the validation logic of the Public Suffix List, which allows attackers to...

8.8 CVSS | 6.7 AI score | 0.00745 EPSS
Exploits: 0 | References: 2

Github Security Blog
added 2025/04/24 12:31 p.m. | 21 views

Apache HttpClient disables domain checks

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...

7.5 CVSS | 7.1 AI score | 0.00745 EPSS
Exploits: 0 | References: 7 | Affected Software: 1