12 matches found
CVE-2026-35563
CVE-2026-35563 concerns the LDAP client in Apache Directory LDAP API (v2.1.7) failing to verify that the server certificate matches the intended LDAP hostname. Root cause: incomplete TLS server identity verification. Impact: potential server impersonation and complete connection compromise over ...
CVE-2025-12790
A flaw was found in Rubygem MQTT. By default, the package did not perform hostname validation, resulting in a possible Man-in-the-Middle (MITM) attack...
org.bouncycastle: Use of Incorrectly-Resolved Name or Reference
A flaw was found in Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to a use of incorrectly-resolved name or reference issue when resolving domain names over an SSL socket that was created without an explicit hostname, such as in the HttpsURLConnection...
SUSE CVE-2013-4352
The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostna...
Man-in-the-Middle (MitM)
Overview: Affected versions of this package are vulnerable to Man-in-the-Middle (MitM) due to missing TLS hostname validation. Remediation: There is no fixed version for twitter-stream. References: GitHub Security Advisory; GitHub Security Advisory. Credit: Agustin Gianni...
RHEL 7 : OpenShift Container Platform 3.11.318 jenkins-2-plugins (RHSA-2020:5102)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5102 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Man-in-the-Middle (MitM)
jenkins-2-plugins/mailer is vulnerable to man-in-the-middle attacks. Missing hostname validation in Mailer Plugin allows an attacker to perform man-in-the-middle attacks...
CVE-2019-19941
Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inject its local IP address as a domain entry in the DNS service of the router via crafted hostnames in DHCP requests, causing XSS...
PT-2019-19855 · Hashicorp +1 · Hashicorp Consul +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Consul version 1.4.3. Description: The issue arises from a lack of server hostname verification for agent-to-agent TLS communication in HashiCorp Consul. This occurs even when the verify_server_hostname setting is set to true, causin...
DEBIAN-CVE-2013-4352
The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostna...
CVE-2013-4352
The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostna...
axis: missing connection hostname check against X.509 certificate name
Apache Axis did not verify that the server host name matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name...