
40 matches found

CVE
added 2022/02/28 8:14 p.m. | 85 views

CVE-2021-45414

CVE-2021-45414 describes a Remote Code Execution vulnerability in DataRobot (through 2021-10-28) that permits submission of a Docker environment or Java driver, enabling arbitrary code execution on the server. Documentation confirms affected product scope as DataRobot and notes high-severity impa...

CVSS 9.8 | AI score 9.6 | EPSS 0.02606
Exploits: 2 | References: 1 | Affected Software: 1
RedHat Linux
added 2021/12/02 4:17 p.m. | 1 views

mongo-java-driver: client-side field level encryption not verifying KMS host name

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

CVSS 6.8 | AI score 5.8 | EPSS 0.00129
Exploits: 0 | References: 4
RedHat Linux
added 2021/11/23 10:34 a.m. | 1 views

mongo-java-driver: client-side field level encryption not verifying KMS host name

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

CVSS 6.8 | AI score 5.8 | EPSS 0.00129
Exploits: 0 | References: 4
RedHat Linux
added 2021/03/16 11:57 a.m. | 70 views

Moderate: Red Hat Security Advisory: Red Hat Integration Debezium 1.4.2 security update

An update for Debezium MongoDB connector is now available for Red Hat Integration. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 6.8 | AI score 6.8 | EPSS 0.00129
Exploits: 0 | References: 3
RedHat Linux
added 2021/03/16 11:57 a.m. | 1 views

mongo-java-driver: client-side field level encryption not verifying KMS host name

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

CVSS 6.8 | AI score 5.8 | EPSS 0.00129
Exploits: 0 | References: 4
RedhatCVE
added 2021/03/02 7:3 p.m. | 20 views

CVE-2021-20328

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

CVSS 6.8 | AI score 6.5 | EPSS 0.00129
Exploits: 0 | References: 3
OSV
added 2021/02/25 5:15 p.m. | 14 views

CVE-2021-20328

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

CVSS 6.8 | AI score 6.3
Exploits: 0 | References: 1
NVD
added 2021/02/25 5:15 p.m. | 18 views

CVE-2021-20328

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

CVSS 6.8 | EPSS 0.00129
Exploits: 0 | References: 1
UbuntuCve
added 2021/02/25 5:15 p.m. | 27 views

CVE-2021-20328

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

CVSS 6.8 | AI score 6.8 | EPSS 0.00129
Exploits: 0 | References: 2
OSV
added 2021/02/25 5:15 p.m. | 0 views

UBUNTU-CVE-2021-20328

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

CVSS 6.8 | AI score 6.8 | EPSS 0.00129
Exploits: 0 | References: 3
Prion
added 2021/02/25 5:15 p.m. | 17 views

Design/Logic Flaw

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

CVSS 4.3 | AI score 6.5 | EPSS 0.00129
Exploits: 0 | References: 1 | Affected Software: 2
CVE
added 2021/02/25 4:30 p.m. | 118 views

CVE-2021-20328

CVE-2021-20328 affects specific versions of the MongoDB Java driver that support Field Level Encryption (CSFLE). The root cause is improper host name verification on the KMS server’s certificate, enabling a privileged MITM attacker to intercept traffic between the Java driver and the KMS service ...

CVSS 6.8 | AI score 6.4 | EPSS 0.00129
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2021/02/25 4:30 p.m. | 17 views

CVE-2021-20328 MongoDB Java driver client-side field level encryption not verifying KMS host name

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

CVSS 6.4 | AI score 6.8 | EPSS 0.00129
Exploits: 0 | References: 1
Vulnrichment
added 2021/02/25 4:30 p.m. | 17 views

CVE-2021-20328 MongoDB Java driver client-side field level encryption not verifying KMS host name

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

CVSS 6.4 | AI score 6.5 | EPSS 0.00129
Exploits: 0 | References: 1
Debian CVE
added 2021/02/25 4:30 p.m. | 27 views

CVE-2021-20328

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

CVSS 6.8 | AI score 6.6 | EPSS 0.00129
Exploits: 0
CNNVD
added 2021/02/25 12:0 a.m. | 1 views

MongoDB Trust Management Issues Vulnerabilities

MongoDB Server is an open source NoSQL database from the US company MongoDB. The database provides collection-oriented storage, dynamic queries, data replication, automatic failover and other functions. A security vulnerability exists in the MongoDB Java driver client-side, which ca...

CVSS 6.8 | AI score 6.7 | EPSS 0.00129
Exploits: 0 | References: 9
MongoDB
added 2021/02/25 12:0 a.m. | 44 views

MongoDB Java driver client-side field level encryption not verifying KMS host name

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

CVSS 6.8 | AI score 6.3 | EPSS 0.00129
Exploits: 0 | References: 1 | Affected Software: 4
Positive Technologies
added 2021/02/25 12:0 a.m. | 1 views

PT-2021-13887 · Unknown · Java Driver

Name of the Vulnerable Software and Affected Versions: Java driver versions that support client-side field level encryption (CSFLE)
Description: The issue arises from the Java driver's failure to perform correct host name verification on the KMS server's certificate, which, in combination with a...

CVSS 6.8 | AI score 7.5 | EPSS 0.00129
Exploits: 0 | References: 10
NCSC
added 2020/08/10 12:0 a.m. | 1 views

Vulnerability fixed in PostgreSQL jdbc driver

A vulnerability has been fixed in the PostgreSQL jdbc driver for Java. The so-called XML external-entity vulnerability (XXE) allows a locally authenticated malicious person to execute arbitrary code under database privileges. -= Red Hat =- Red Hat has made updates available f...

CVSS 7.7 | AI score 7.5 | EPSS 0.07801
Exploits: 0
CNVD
added 2020/03/29 12:0 a.m. | 2 views

Command execution vulnerability in PostgreSQL JDBC driver

PostgreSQL is an open source database system. A command execution vulnerability exists in the PostgreSQL JDBC driver that can be exploited by an attacker to gain server privileges...

AI score 7.4
Exploits: 0