Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
man-in-the-middle vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-4586
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
Redhat Data Grid 8.0.0
Infinispan Hot Rod -
2 Github repositories
5.8
CVSSv2
CVE-2019-12621
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote malicious user to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key fo...
Cisco Hyperflex Hx220c M5 Firmware 3.0\\(1a\\)
Cisco Hyperflex Hx220c M5 Firmware 3.5\\(2a\\)
Cisco Hyperflex Hx240c M5 Firmware 3.0\\(1a\\)
Cisco Hyperflex Hx240c M5 Firmware 3.5\\(2a\\)
Cisco Hyperflex Hx220c Af M5 Firmware 3.5\\(2a\\)
Cisco Hyperflex Hx220c Af M5 Firmware 3.0\\(1a\\)
Cisco Hyperflex Hx240c Af M5 Firmware 3.0\\(1a\\)
Cisco Hyperflex Hx240c Af M5 Firmware 3.5\\(2a\\)
Cisco Hyperflex Hx220c Edge M5 Firmware 3.0\\(1a\\)
Cisco Hyperflex Hx220c Edge M5 Firmware 3.5\\(2a\\)
2.9
CVSSv2
CVE-2015-4640
The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle malicious users to write to language-pack files by modifying an HTTP response. NOTE: CV...
Swiftkey Swiftkey Sdk
2.6
CVSSv2
CVE-2016-6877
Citrix XenMobile Server prior to 10.5.0.24 allows man-in-the-middle malicious users to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a vali...
Citrix Xenmobile Server
6.8
CVSSv2
CVE-2014-0036
The rbovirt gem prior to 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote malicious users to conduct man-in-the-middle attacks via unspecified vectors.
Amos Benari Rbovirt 0.0.16
Amos Benari Rbovirt 0.0.15
Amos Benari Rbovirt 0.0.14
Amos Benari Rbovirt 0.0.13
Amos Benari Rbovirt
Amos Benari Rbovirt 0.0.22
Amos Benari Rbovirt 0.0.21
Amos Benari Rbovirt 0.0.8
Amos Benari Rbovirt 0.0.7
Amos Benari Rbovirt 0.0.6
Amos Benari Rbovirt 0.0.5
Amos Benari Rbovirt 0.0.19
Amos Benari Rbovirt 0.0.17
Amos Benari Rbovirt 0.0.12
Amos Benari Rbovirt 0.0.10
Amos Benari Rbovirt 0.0.3
Amos Benari Rbovirt 0.0.1
Amos Benari Rbovirt 0.0.20
Amos Benari Rbovirt 0.0.18
Amos Benari Rbovirt 0.0.11
Amos Benari Rbovirt 0.0.9
Amos Benari Rbovirt 0.0.4
6.8
CVSSv2
CVE-2016-4850
LINE for Windows prior to 4.8.3 allows man-in-the-middle malicious users to execute arbitrary code.
Linecorp Line
NA
CVE-2022-48308
It exists that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle a...
Palantir Sls-logging
4
CVSSv2
CVE-2014-0478
APT prior to 1.0.4 does not properly validate source packages, which allows man-in-the-middle malicious users to download and install Trojan horse packages by removing the Release signature.
Debian Advanced Package Tool
4.3
CVSSv2
CVE-2014-3494
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 prior to 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle malicious users to obtain sensitive information via an invalid certificate.
Opensuse Opensuse 13.1
Kde Kdelibs 4.11.5
Kde Kdelibs 4.11.90
Kde Kdelibs 4.12.4
Kde Kdelibs 4.11.95
Kde Kdelibs 4.11.97
Kde Kdelibs 4.12.0
Kde Kdelibs 4.12.1
Kde Kdelibs 4.12.2
Kde Kdelibs 4.11.0
Kde Kdelibs 4.11.1
Kde Kdelibs 4.11.2
Kde Kdelibs 4.11.3
Kde Kdelibs 4.12.90
Kde Kdelibs 4.12.95
Kde Kdelibs 4.12.97
Kde Kdelibs 4.13.0
Kde Kdelibs 4.12.80
Kde Kdelibs 4.13.1
Kde Kdelibs 4.10.97
Kde Kdelibs 4.11.4
Kde Kdelibs 4.11.80
4.3
CVSSv2
CVE-2011-1829
APT prior to 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle malicious users to install modified packages via vectors involving lack of an initial clearsigned message.
Debian Advanced Package Tool
Canonical Ubuntu Linux 11.04
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »