Cookie Consent by Free Privacy Policy Generator Aktuallisiere deine Cookie Einstellungen πŸ“Œ CVE-2022-33681


πŸ“š CVE-2022-33681


πŸ’‘ Newskategorie: SicherheitslΓΌcken
πŸ”— Quelle: web.nvd.nist.gov

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication data is sent before verifying the serverÒ€ℒs TLS certificate matches the hostname, which means authentication data could be exposed to an attacker. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack by providing the client with a cryptographically valid certificate for an unrelated host. Because the client sends authentication data before performing hostname verification, an attacker could gain access to the clientÒ€ℒs authentication data. The client eventually closes the connection when it verifies the hostname and identifies the targeted hostname does not match a hostname on the certificate. Because the client eventually closes the connection, the value of the intercepted authentication data depends on the authentication method used by the client. Token based authentication and username/password authentication methods are vulnerable because the authentication data can be used to impersonate the client in a separate session. This issue affects Apache Pulsar Java Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier. ...



πŸ“Œ Bugtraq: Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831


πŸ“ˆ 3.98 Punkte

πŸ“Œ Bugtraq: CVE-2016-9277,CVE-2016-9966,CVE-2016-9967: Possible Privilege Escalation in telecom


πŸ“ˆ 2.98 Punkte

πŸ“Œ Bugtraq: CVE-2016-9277,CVE-2016-9966,CVE-2016-9967: Possible Privilege Escalation in telecom


πŸ“ˆ 2.98 Punkte

πŸ“Œ Multiple Security Updates Affecting TCP/IP:β€― CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086


πŸ“ˆ 2.98 Punkte

πŸ“Œ Multiple Security Updates Affecting TCP/IP:β€― CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086


πŸ“ˆ 2.98 Punkte

πŸ“Œ Microsoft patches three exploited zero-days (CVE-2023-21715, CVE-2023-23376, CVE-2023-21823)


πŸ“ˆ 2.98 Punkte

πŸ“Œ Multiple Security Updates Affecting TCP/IP:β€― CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086


πŸ“ˆ 2.98 Punkte

πŸ“Œ Bugtraq: CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak)


πŸ“ˆ 1.99 Punkte

πŸ“Œ Bugtraq: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778


πŸ“ˆ 1.99 Punkte

πŸ“Œ [papers] - Roaming Through the OpenSSH Client: CVE-2016-0777 and CVE-2016-0778


πŸ“ˆ 1.99 Punkte

πŸ“Œ Bugtraq: [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox


πŸ“ˆ 1.99 Punkte

πŸ“Œ Bugtraq: Re: [FD] [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox


πŸ“ˆ 1.99 Punkte

πŸ“Œ Bugtraq: CVE-2015-0061 and CVE-2015-0063 (MS16-009/MS16-011)


πŸ“ˆ 1.99 Punkte

πŸ“Œ Bugtraq: [CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers


πŸ“ˆ 1.99 Punkte

πŸ“Œ Bugtraq: MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )


πŸ“ˆ 1.99 Punkte

πŸ“Œ Bugtraq: PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)


πŸ“ˆ 1.99 Punkte

πŸ“Œ Bugtraq: CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak)


πŸ“ˆ 1.99 Punkte

πŸ“Œ Bugtraq: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778


πŸ“ˆ 1.99 Punkte

πŸ“Œ [papers] - Roaming Through the OpenSSH Client: CVE-2016-0777 and CVE-2016-0778


πŸ“ˆ 1.99 Punkte

πŸ“Œ Bugtraq: [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox


πŸ“ˆ 1.99 Punkte

πŸ“Œ Bugtraq: Re: [FD] [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox


πŸ“ˆ 1.99 Punkte

πŸ“Œ Bugtraq: CVE-2015-0061 and CVE-2015-0063 (MS16-009/MS16-011)


πŸ“ˆ 1.99 Punkte

πŸ“Œ Bugtraq: [CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers


πŸ“ˆ 1.99 Punkte

πŸ“Œ Bugtraq: MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )


πŸ“ˆ 1.99 Punkte

πŸ“Œ Bugtraq: PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)


πŸ“ˆ 1.99 Punkte

πŸ“Œ Bugtraq: Multiple Vulnerabilities in ASUS Routers [CVE-2017-5891 and CVE-2017-5892]


πŸ“ˆ 1.99 Punkte

πŸ“Œ Is CVE-2017-0199 the new CVE-2012-0158?


πŸ“ˆ 1.99 Punkte

πŸ“Œ Bugtraq: Datto Windows Agent 1.0.5.0 Remote Command Execution [CVE-2017-16673][CVE-2017-16674]


πŸ“ˆ 1.99 Punkte

πŸ“Œ Bugtraq: Advisory - Bamboo - CVE-2017-14589 CVE-2017-14590


πŸ“ˆ 1.99 Punkte

πŸ“Œ Bugtraq: Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)


πŸ“ˆ 1.99 Punkte

πŸ“Œ Bugtraq: [CVE-2018-3667, CVE-2018-3668] Escalation of priviilege via executable installer of Intel Processor Diagnostic Tool


πŸ“ˆ 1.99 Punkte

πŸ“Œ Mozilla Firefox CVE-2007-2175 memory corruption [CVE-2007-2176]


πŸ“ˆ 1.99 Punkte

πŸ“Œ Loading up a pair of Qt bugs: Detailing CVE-2019-1636 and CVE-2019-6739


πŸ“ˆ 1.99 Punkte

πŸ“Œ flatpak: CVE-2019-8308: vulnerability similar to runc CVE-2019-5736 involving /proc/self/exe


πŸ“ˆ 1.99 Punkte











matomo