Lucene search
K

4 matches found

OSV
OSV
added 2024/08/31 12:31 a.m.11 views

GHSA-H83P-72JV-G7VP Missing hostname validation in Kroxylicious

A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...

7.3CVSS5.7AI score0.00378EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/08/31 12:31 a.m.21 views

Missing hostname validation in Kroxylicious

A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...

5.9CVSS6.5AI score0.00378EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2024/08/30 9:10 p.m.85 views

CVE-2024-8285

CVE-2024-8285 affects Kroxylicious, where TLS upstream connections to Kafka fail to verify the server hostname. This creates a potential for MITM and data integrity/confidentiality impact. Attacks require network access and, per the sources, may require high privileges to modify Kroxylicious conf...

5.9CVSS5.7AI score0.00378EPSS
Exploits0References3Affected Software1
exploitpack
exploitpack
added 2006/05/03 12:0 a.m.14 views

Quagga Routing Software Suite 0.9x - RIPd RIPv1 RESPONSE Packet Route Injection

Quagga Routing Software Suite 0.9x - RIPd RIPv1 RESPONSE Packet Route Injection source: https://www.securityfocus.com/bid/17808/info Quagga is susceptible to remote information-disclosure and route-injection vulnerabilities. The application fails to properly ensure that required authentication an...

0.6AI score
Exploits0
Rows per page
Query Builder