18 matches found
EUVD-2012-5696
Malware in sbrugna...
EUVD-2012-5697
Malware in sbrugna...
EUVD-2020-26128
Malware in sbrugna...
EUVD-2020-5887
Malware in sbrugna...
EUVD-2011-5138
Malware in sbrugna...
EUVD-2022-2129
Malicious code in bioql PyPI...
EUVD-2022-5659
Malicious code in bioql PyPI...
CVE-2019-9764
HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true. This is fixed in 1.4.4...
CVE-2012-5811
The Breezy application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2012-5805
The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different...
openSUSE Security Update : apache-commons-httpclient (openSUSE-2020-1873)
This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors...
Design/Logic Flaw
HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true. This is fixed in 1.4.4...
PT-2019-19855 · Hashicorp +1 · Hashicorp Consul +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Consul version 1.4.3 Description: The issue arises from a lack of server hostname verification for agent-to-agent TLS communication in HashiCorp Consul. This occurs even when the verify server hostname setting is set to true, causin...
Moderate: Red Hat Security Advisory: CFME 5.8.0 security, bug, and enhancement update
An update is now available for CloudForms Management Engine 5.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2013-7449
The CVE-2013-7449 issue affects HexChat (before 2.10.2), XChat, and XChat-GNOME, where ssl_do_connect in common/server.c fails to verify that the server hostname matches a domain in the X.509 certificate. This allows MITM attackers to spoof SSL servers using arbitrary valid certificates. The root...
CVE-2012-6153
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...
Moderate: Red Hat Security Advisory: axis security update
Updated axis packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CVE-2012-5792
The CVE-2012-5792 entry affects the Sage Pay Direct module in osCommerce. The vulnerability arises because the module does not verify that the server hostname matches a domain name in the certificate’s CN or subjectAltName, enabling MITM attackers to spoof SSL servers using an arbitrary valid cer...