Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
man vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-3981
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password.
Mikrotik Routeros
Mikrotik Winbox
NA
CVE-2023-25758
Onekey Touch devices up to and including 4.0.0 and Onekey Mini devices up to and including 2.10.0 allow man-in-the-middle malicious users to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device (i.e., here, "man-in-the-middle&...
Onekey Onekey Touch Firmware
Onekey Onekey Mini Firmware
4.3
CVSSv2
CVE-2019-11674
Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions before 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack.
Microfocus Netiq Self Service Password Reset
Microfocus Netiq Self Service Password Reset 4.4
NA
CVE-2023-23546
A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32.3.0.5. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
Milesight Ur32l Firmware 32.3.0.5
9.3
CVSSv2
CVE-2011-3402
Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote malicious user...
Microsoft Windows Server 2008
Microsoft Windows Xp
Microsoft Windows 7 -
Microsoft Windows Server 2008 -
Microsoft Windows Server 2003
Microsoft Windows Vista
10 Articles
2.1
CVSSv2
CVE-2021-42373
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
Busybox Busybox 1.33.1
Busybox Busybox 1.33.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Netapp Cloud Backup -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
4.3
CVSSv2
CVE-2015-0210
wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote malicious users to cause a man-in-the-middle attack.
W1.fi Wpa Supplicant 2.0-16
4.3
CVSSv2
CVE-2013-4488
libgadu prior to 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers.
Libgadu Libgadu
4.3
CVSSv2
CVE-2014-7189
crpyto/tls in Go 1.1 prior to 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle malicious users to spoof clients via unspecified vectors.
Golang Go 1.2.1
Golang Go 1.3
Golang Go 1.2
Golang Go 1.2.2
Golang Go 1.1
Golang Go 1.1.1
Golang Go 1.1.2
Golang Go 1.3.1
4.3
CVSSv2
CVE-2021-21963
An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to ...
Sealevel Seaconnect 370w Firmware 1.3.34
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »