26 matches found
ALPINE-CVE-2026-48928
An inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
CVE-2026-48928
An inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
CVE-2026-35563
CVE-2026-35563 concerns the Apache Directory LDAP API LDAP client (v2.1.7) failing to verify that the server certificate matches the intended LDAP hostname. Root cause: incomplete TLS server identity verification. Impact: potential server impersonation and complete connection compromise over ...
CVE-2026-41603
A flaw was found in Apache Thrift. This vulnerability involves improper validation of server certificates, where the hostname presented in the certificate does not match the expected hostname. A remote attacker could exploit this to impersonate a legitimate server, potentially intercepting or...
Improper Validation of Certificate with Host Mismatch
Overview: Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch during the TLS handshake. When Spring Boot is configured to connect to Elasticsearch using an SSL bundle, the auto-configuration fails to verify that the hostname in the server's SSL...
Apache Tomcat 9.0.0.M1 < 9.0.113 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.113. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.113_security-9 advisory. - Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through...
Security Bulletin: Multiple Vulnerabilities affects IBM Data Studio Client 4.2.0
Summary: Security Fix of multiple Vulnerabilities of IBM Data Studio Client 4.2.0. Vulnerability Details: CVEID: CVE-2021-2163. DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high...
MiracleLinux 4 : mutt-1.5.20-2.20091214hg736b6a.AXS4.1 (AXSA:2011-711:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2011-711:01 advisory. Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features...
EUVD-2025-13880
Malicious code in bioql PyPI...
EUVD-2022-1860
Malicious code in bioql PyPI...
PT-2023-19687 · Dell · Dell Networker
Name of the Vulnerable Software and Affected Versions: Dell NetWorker (affected versions not specified). Description: The issue is related to an Improper Validation of Certificate with Host Mismatch vulnerability in the RabbitMQ port. This could disallow replacing CA signed certificates...
SUSE CVE-2015-2741
Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggerin...
GHSA-RM7V-GQFG-P2WC Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java
The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...
log4j: improper validation of certificate with host mismatch in SMTP appender
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1...
CVE-2020-25680
A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate when the keystore file's ID is 'unknown'. The validation of whether the certificate CN and hostname match stopped working, allowing connections to the back-end worker. The highest threat from...
ovirt-engine-sdk-python trust management issue vulnerability
ovirt-engine-sdk-python is a Python-based package that provides access to the oVirt Engine API. A trust management issue vulnerability in ovirt-engine-sdk-python versions prior to 3.4.0.7 and prior to 3.5.0.4, which stems from the program's failure to validate that the hostname of a remote endpoi...
PT-2018-7154 · Red Hat · Openshift +2
Name of the Vulnerable Software and Affected Versions: CloudForms (affected versions not specified). Description: The issue arises from CloudForms not verifying that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization RH...
SSL Handshake Fails When Server Name Indication (SNI) is Enabled on ADC
SSL handshake fails when the Server Name Indication feature is enabled on NetScaler. Server Name Indication (aka SNI) is an extension of the TLS protocol. For SNI to work, the server name in the client hello must match the host name configured on the back-end service that is bound to an SSL virtual...
Red Hat CloudForms Management Engine Information Disclosure Vulnerability
Red Hat CloudForms Management Engine is an IaaS (Infrastructure as a Service) cloud services solution from Red Hat, Inc. The solution creates and manages private and public clouds and has application lifecycle management capabilities. An information disclosure vulnerability exists in the Red Hat...