Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39254 | 1 Matrix-nio Project | 1 Matrix-nio | 2025-04-23 | 8.6 High |
| matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.20 fixes the issue. | ||||
| CVE-2024-7516 | 1 Broadcom | 1 Fabric Operating System | 2025-02-04 | 7.1 High |
| A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin. | ||||
| CVE-2022-36881 | 2 Jenkins, Redhat | 2 Git Client, Openshift | 2024-11-21 | 8.1 High |
| Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. | ||||
| CVE-2021-34433 | 1 Eclipse | 1 Californium | 2024-11-21 | 7.5 High |
| In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange. | ||||