Security Bulletin: Vulnerabilities in jersey-client-3.1.0.jar affecting MongoDB Enterprised Advanced (CVE-2025-12383)

Summary There is a vulnerability in jersey-client-3.1.0.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-12383. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cau...

GHSA-7P63-W6X9-6GR7 Eclipse Jersey has a Race Condition

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain...

EUVD-2025-198046

Eclipse Jersey has a Race Condition...

Eclipse Jersey has a Race Condition

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain...

CVE-2025-12383 Race Condition allows Bypass of Trust Restrictions

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain...

PT-2025-35658

Name of the Vulnerable Software and Affected Versions: PaperCut Print Deploy affected versions not specified Description: PaperCut Print Deploy, an optional component integrated with PaperCut NG/MF, is susceptible to man-in-the-middle attacks if not correctly configured with a trusted certificate...

CVE-2023-25656

notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is...

CVE-2023-25656 notation-go has excessive memory allocation on verification

notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is...

CVE-2023-25656 notation-go has excessive memory allocation on verification

notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is...

GHSA-94JQ-Q5V2-76WJ Improper certificate management in AWS IoT Device SDK v2

Connections initialized by the AWS IoT Device SDK v2 for Java versions prior to 1.3.3, Python versions prior to 1.5.18, C++ versions prior to 1.12.7 and Node.js versions prior to 1.5.1 did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities CA in...

Improper certificate management in AWS IoT Device SDK v2

Connections initialized by the AWS IoT Device SDK v2 for Java versions prior to 1.3.3, Python versions prior to 1.5.18, C++ versions prior to 1.12.7 and Node.js versions prior to 1.5.1 did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities CA in...

Insecure Certificate Validation

aws/aws-iot-device-sdk-js-v2 is vulnerable to Insecure Certificate Validation. Attackers are able to compromise certificate authorities in their trust stores on Linux/Unix, by spoofing DNS records to bypass CA pinning...

Insecure Certificate Validation

aws-iot-device-sdk-v2 uses insecure certificate validation. The library does not verify server certificate hostname during TLS handshake, allowing attackers to override certificate authorities in their trust stores on Microsoft Windows...

Insecure Certificate Validation

aws-iot-device-sdk-v2 uses insecure certificate validation. The library does not verify server certificate hostname during TLS handshake, allowing attackers to override certificate authorities in their trust stores on MacOS...

Improper Certificate Validation

Connections initialized by the AWS IoT Device SDK v2 for Java, Python , C++ and Node.js does not verify server certificate hostname during TLS handshake when overriding Certificate Authorities CA in their trust stores on MacOS. This issue has been addressed in aws-c-io submodule onward. This issu...