Vulmon
man-in-the-middle vulnerabilities and exploits
7.4
CVSSv3
CVE-2023-4586
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
Redhat Data Grid 8.0.0
Infinispan Hot Rod -
2 Github repositories
7.4
CVSSv3
CVE-2019-12621
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote malicious user to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key fo...
Cisco Hyperflex Hx220c M5 Firmware 3.0(1a)
Cisco Hyperflex Hx220c M5 Firmware 3.5(2a)
Cisco Hyperflex Hx240c M5 Firmware 3.0(1a)
Cisco Hyperflex Hx240c M5 Firmware 3.5(2a)
Cisco Hyperflex Hx220c Af M5 Firmware 3.5(2a)
Cisco Hyperflex Hx220c Af M5 Firmware 3.0(1a)
Cisco Hyperflex Hx240c Af M5 Firmware 3.0(1a)
Cisco Hyperflex Hx240c Af M5 Firmware 3.5(2a)
Cisco Hyperflex Hx220c Edge M5 Firmware 3.0(1a)
Cisco Hyperflex Hx220c Edge M5 Firmware 3.5(2a)
NA
CVE-2015-4640
The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CV...
Swiftkey Swiftkey Sdk
5.3
CVSSv3
CVE-2016-6877
Citrix XenMobile Server prior to 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a vali...
Citrix Xenmobile Server
NA
CVE-2014-0036
The rbovirt gem prior to 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote malicious users to conduct man-in-the-middle attacks via unspecified vectors.
Amos Benari Rbovirt 0.0.16
Amos Benari Rbovirt 0.0.15
Amos Benari Rbovirt 0.0.14
Amos Benari Rbovirt 0.0.13
Amos Benari Rbovirt
Amos Benari Rbovirt 0.0.22
Amos Benari Rbovirt 0.0.21
Amos Benari Rbovirt 0.0.8
Amos Benari Rbovirt 0.0.7
Amos Benari Rbovirt 0.0.6
Amos Benari Rbovirt 0.0.5
Amos Benari Rbovirt 0.0.19
Amos Benari Rbovirt 0.0.17
Amos Benari Rbovirt 0.0.12
Amos Benari Rbovirt 0.0.10
Amos Benari Rbovirt 0.0.3
Amos Benari Rbovirt 0.0.1
Amos Benari Rbovirt 0.0.20
Amos Benari Rbovirt 0.0.18
Amos Benari Rbovirt 0.0.11
Amos Benari Rbovirt 0.0.9
Amos Benari Rbovirt 0.0.4
8.1
CVSSv3
CVE-2016-4850
LINE for Windows prior to 4.8.3 allows man-in-the-middle attackers to execute arbitrary code.
Linecorp Line
NA
CVE-2014-3494
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 prior to 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.
Opensuse Opensuse 13.1
Kde Kdelibs 4.11.5
Kde Kdelibs 4.11.90
Kde Kdelibs 4.12.4
Kde Kdelibs 4.11.95
Kde Kdelibs 4.11.97
Kde Kdelibs 4.12.0
Kde Kdelibs 4.12.1
Kde Kdelibs 4.12.2
Kde Kdelibs 4.11.0
Kde Kdelibs 4.11.1
Kde Kdelibs 4.11.2
Kde Kdelibs 4.11.3
Kde Kdelibs 4.12.90
Kde Kdelibs 4.12.95
Kde Kdelibs 4.12.97
Kde Kdelibs 4.13.0
Kde Kdelibs 4.12.80
Kde Kdelibs 4.13.1
Kde Kdelibs 4.10.97
Kde Kdelibs 4.11.4
Kde Kdelibs 4.11.80
NA
CVE-2014-0478
APT prior to 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.
Debian Advanced Package Tool
3.7
CVSSv3
CVE-2022-48308
It was found that sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle a...
Palantir Sls-logging
NA
CVE-2011-1829
APT prior to 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.
Debian Advanced Package Tool
Canonical Ubuntu Linux 11.04