18 matches found
curl: Missing server identity policy enforcement in SSH connection reuse allows host key verification bypass via pool poisoning
Missing server identity policy enforcement in SSH connection reuse allows host key verification bypass via pool poisoning --- Summary sshconfigmatches in lib/url.c decides whether an existing SSH connection can be reused by a new transfer handle. It checks client key paths rsa, rsapub but never...
Eaton Network M3 安全漏洞
Eaton Network M3 is a security network interface card developed by the American company Eaton. There is a security vulnerability in Eaton Network M3, which stems from the insecure mechanism for server identity checks executed through command shells during firmware updates. This vulnerability may...
EUVD-2021-2501
Malware in sbrugna...
angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication
A vulnerability was found in Apache Sling Commons Messaging Mailangus-mail, which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can allow insecure email...
angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication
A vulnerability was found in Apache Sling Commons Messaging Mailangus-mail, which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can allow insecure email...
angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication
A vulnerability was found in Apache Sling Commons Messaging Mailangus-mail, which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can allow insecure email...
angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication
A vulnerability was found in Apache Sling Commons Messaging Mailangus-mail, which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can allow insecure email...
FreeBSD : keycloak -- Missing server identity checks when sending mails via SMTPS (fd538d14-5778-4764-b321-2ddd61a8a58f)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fd538d14-5778-4764-b321-2ddd61a8a58f advisory. Red Hat reports: A vulnerability was found in Apache Sling Commons Messaging Mailangus-mail, which...
angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication
A vulnerability was found in Apache Sling Commons Messaging Mailangus-mail, which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can allow insecure email...
Critical: Red Hat Security Advisory: Red Hat build of Quarkus 3.2.12.SP1 Security Update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...
angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication
A vulnerability was found in Apache Sling Commons Messaging Mailangus-mail, which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can allow insecure email...
CVE-2021-44549
A vulnerability was found in Apache Sling Commons Messaging Mailangus-mail, which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can allow insecure email...
Apache Sling Commons Messaging Mail Trust Management Issue Vulnerability
Apache Sling Commons Messaging Mail is an open source messaging mail service from the Apache Foundation in the U.S. A trust management issue vulnerability exists in Apache Sling Commons Messaging Mail 1.0.0, which stems from the Apache Sling Commons Messaging Mail provides a simple layer on top o...
GHSA-C69W-JJ56-834W Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Apache Sling Commons Messaging Mail
Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these addition...
Man In The Middle (MitM)
org.apache.sling:org.apache.sling.commons.messaging.mail is vulnerable to man-in-the-middle MitM attacks. Lack of server identity checks when accessing mail servers allow remote attackers to perform man in the middle attacks when participating in a shared mail session...
CVE-2021-44549
Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these addition...
CVE-2021-44549
Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these addition...
Apache Sling Commons Messaging Mail 信任管理问题漏洞
Apache Sling Commons Messaging Mail is an open source messaging mail service from the Apache Foundation in the U.S. A trust management issue vulnerability exists in Apache Sling Commons Messaging Mail 1.0.0, which stems from the Apache Sling Commons Messaging Mail provides a simple layer on top o...