Topic

Java

A collection of 62 issues

CVE-2020-15338 The Zyxel CloudCNM SecuManager has a "Use of GET Request Method With Sensitive Query Strings" issue. This issue may be exploited by attackers to access sensitive information.

In these cases, the server may return a different response code than expected. This issue occurs when the GET request method is used with a query string that contains a "specially-crafted word." For example: GET /cnr?s=password In these cases, the server may return a different response code than
1 min read

CVE-2022-33681 Vulnerable to a man in the middle attack due to delayed hostname verification in the Pulsar Java Client and the Pulsar Proxy.

via man-in-the-middle attacks. We encourage clients to manually validate TLS certificates against the expected hostname before accepting connections. Additionally, we recommend clients limit access to the network to only trusted hosts. If an attacker can directly access the network between the client and the server, then the attacker can take
1 min read
Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe