4 matches found
c-ares: Missing input validation of host names may lead to domain hijacking
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as we...
A flaw was found in c-ares library where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
...
EM-HTTP-Request Trust Management Issues Vulnerability
EM-HTTP-Request is an asynchronous HTTP client from Ilya Grigorik Software Developers of the United States , which supports automatic gzip and deflate decoding , streaming response processing , streaming file uploads and authentication . A trust management issue vulnerability exists in...
CVE-2018-9127
Botan 2.2.0 - 2.4.0 fixed in 2.5.0 improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a host one must alrea...