103 matches found
CVE-2021-4138
Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname...
Amazon AWS IoT Device SDK 信任管理问题漏洞
The Amazon AWS IoT Device SDK is a collection of C source files under the MIT Open Source License from Amazon.com, Inc. that can be used in embedded applications to securely connect IoT devices to the AWS IoT Core.It includes an MQTT, JSON parser, and the AWS IoT Device Shadow library. It is...
CVE-2020-28577
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names...
CVE-2020-28577
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names...
Trend Micro OfficeScan XG 信息泄露漏洞
Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities.Trend Micro OfficeScan XG is a suite of distributed anti-virus software from Trend Micro. An incorrect access control information disclosure...
openSUSE Security Update : apache-commons-httpclient (openSUSE-2020-1873)
This update for apache-commons-httpclient fixes the following issues : - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service HTTPS call hang via unspecified vectors...
vCloud Director Remote Code Execution Vulnerability
vCloud Director hereinafter referred to as Director is based on the virtualization capabilities of VMware vSphere and extends the resource pooling capabilities of VMware vCenter to enable IT departments to create a "VDC Virtual Data Center". "VDCs Virtual Data Centers are pools of compute, networ...
GNOME glib-networking Trust Management Issues Vulnerability
GNOME glib-networking is a networking extension package for Glib a collection of five underlying libraries written in C. A security vulnerability exists in GNOME glib-networking 2.64.2 and earlier versions, which stems from an implementation of GTlsClientConnection that does not validate the...
DEBIAN-CVE-2014-2901
wolfssl before 3.2.0 does not properly issue certificates for a server's hostname...
Design/Logic Flaw
HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verifyserverhostname were set to false, even when it is actually set to true. This is fixed in 1.4.4...
PT-2019-19855 · Hashicorp +1 · Hashicorp Consul +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Consul version 1.4.3 Description: The issue arises from a lack of server hostname verification for agent-to-agent TLS communication in HashiCorp Consul. This occurs even when the verify server hostname setting is set to true, causin...
Design/Logic Flaw
On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are...
GHSA-W64C-PXJJ-H866 Ansible does not verify that the server hostname matches a domain name in certificates
Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2017-2639
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization RHEV and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensiti...
CVE-2017-2639
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization RHEV and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensiti...
AtMail Cross-Site Request Forgery Vulnerability (CNVD-2017-09349)
AtMail is an open source WebMail client from the Australian company Atmail , which provides a Webmail interface , address book management , calendars and other features , and supports IMAP, video mail and so on. A cross-site request forgery vulnerability exists in Atmail versions prior to 7.8.0.2...
Moderate: Red Hat Security Advisory: CFME 5.8.0 security, bug, and enhancement update
An update is now available for CloudForms Management Engine 5.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
VPN Server Hostname Detection via PPTP
Binary data 7268.pasl...
CVE-2013-7449
The CVE-2013-7449 issue affects HexChat (before 2.10.2), XChat, and XChat-GNOME, where ssl_do_connect in common/server.c fails to verify that the server hostname matches a domain in the X.509 certificate. This allows MITM attackers to spoof SSL servers using arbitrary valid certificates. The root...
CVE-2013-7449
The ssldoconnect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...