54 matches found
Security Bulletin: IBM Engineering Systems Design Rhapsody TestConductor was affected by CVE-2012-5783, CVE-2012-6153
Summary: IBM Engineering Systems Design Rhapsody TestConductor was vulnerable to man-in-the-middle attacks caused by not verifying that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. This allows man-in-the-middle attacker...
CVE-2026-40974
A flaw was found in Spring Boot's Cassandra auto-configuration. This vulnerability allows an adjacent attacker to bypass hostname verification during SSL (Secure Sockets Layer) connection establishment to Cassandra. This could enable a man-in-the-middle attack, potentially leading to unauthorized...
MiracleLinux 3 : jakarta-commons-httpclient-3.0-7jpp.4.AXS3 (AXSA:2014-519:01)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-519:01 advisory. Description: The Hyper-Text Transfer Protocol (HTTP) is perhaps the most significant protocol used on the Internet today. Web services, network-enabled...
CVE-2017-18407
cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279)...
EUVD-2020-0424
Malware in sbrugna...
EUVD-2017-9523
Malware in sbrugna...
SUSE CVE-2013-7440
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate...
SUSE CVE-2022-45197
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...
UBUNTU-CVE-2022-45197
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp...
RHEL 7 / 8 : OpenShift Container Platform 4.10.3 (RHSA-2022:0055)
The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0055 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.10.3 bug fix and security update
Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...
CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix
It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...
Mageia: Security Advisory (MGASA-2014-0557)
The remote host is missing an update for the...
RHEL 7 : rubygem-em-http-request (RHSA-2021:0937)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:0937 advisory. EventMachine based, async HTTP Request client. Security Fixes: missing SSL hostname validation allows MITM (CVE-2020-13482). For more details about the...
CVE-2020-11050
In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0...
OPENSUSE-SU-2020:0765-1 Security update for imapfilter
This update for imapfilter fixes the following issues: Imapfilter was updated to version 2.6.16 including the following security issue: - CVE-2016-10937: Added Support for SSL hostname validation (boo#1149931). This update was imported from the openSUSE:Leap:15.1:Update update project...
Security update for imapfilter (moderate)
openSUSE Security Update: Security update for imapfilter Announcement ID: openSUSE-SU-2020:0765-1 Rating: moderate References: 1149931 Cross-References: CVE-2016-10937 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This updat...
Information disclosure
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification...
openSUSE Security Update : imapfilter (openSUSE-2020-673)
This update for imapfilter fixes the following issues: Imapfilter was updated to version 2.6.16 including the following security issue: - CVE-2016-10937: Added Support for SSL hostname validation (boo#1149931). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
OPENSUSE-SU-2020:0673-1 Security update for imapfilter
This update for imapfilter fixes the following issues: Imapfilter was updated to version 2.6.16 including the following security issue: - CVE-2016-10937: Added Support for SSL hostname validation (boo#1149931)...