Lucene search
K

6 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 11:42 a.m.36 views

Security Bulletin: A spoofing vulnerablity due to an exposure in Eclipse Paho used by IBM WebSphere Application Server Liberty affects TXSeries for Multiplatforms

Summary TXSeries for Multiplatforms has addressed the following identity spoofing vulnerability in Eclipse Paho reported by IBM® WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: Eclipse Paho Java client could allow a remote attacker to bypass security...

7.5CVSS7.4AI score0.00827EPSS
Exploits0Affected Software1
OSV
OSV
added 2019/09/11 6:15 p.m.18 views

CVE-2019-11777

In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information...

7.5CVSS6.6AI score
Exploits0References1
Prion
Prion
added 2019/09/11 6:15 p.m.24 views

Information disclosure

In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information...

5CVSS7.3AI score0.00827EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/19 4:53 p.m.35 views

Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate

A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by...

8.1CVSS3.2AI score0.0291EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2018/08/30 1:0 p.m.30 views

CVE-2018-10936

A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by...

8.1CVSS7.8AI score0.0291EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2018/08/30 12:0 a.m.3 views

PT-2018-10194 · Postgresql +2 · Postgresql-Jdbc +2

Name of the Vulnerable Software and Affected Versions: postgresql-jdbc versions prior to 42.2.5 Description: A weakness was found that could allow a man-in-the-middle attacker to masquerade as a trusted server. This occurs when an SSL Factory is provided without a host name verifier, allowing an...

9.8CVSS7.7AI score0.04094EPSS
Exploits1References39
Rows per page
Query Builder