Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
man-in-the-middle vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-34682
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
Gov Imposto De Renda Da Pessoa Fisica 2021 1.7
4.3
CVSSv2
CVE-2019-5215
There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), and P30 Pro versions before VOG-AL00 9.1.0.162 (C01E160R1P12/C01E160R2P1). When users establish connection and transfer data through Huawei Sh...
Huawei P30 Pro Firmware
Huawei P30 Firmware
6.8
CVSSv2
CVE-2017-3204
The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.
Golang Crypto
1 Github repository
4.3
CVSSv2
CVE-2013-2193
Apache HBase 0.92.x prior to 0.92.3 and 0.94.x prior to 0.94.9, when the Kerberos features are enabled, allows man-in-the-middle malicious users to disable bidirectional authentication and obtain sensitive information via unspecified vectors.
Apache Hbase 0.92.2
Apache Hbase 0.94.5
Apache Hbase 0.94.4
Apache Hbase 0.94.8
Apache Hbase 0.94.7
Apache Hbase 0.94.0
Apache Hbase 0.94.6.1
Apache Hbase 0.94.6
Apache Hbase 0.92.1
Apache Hbase 0.92.0
Apache Hbase 0.94.3
Apache Hbase 0.94.2
Apache Hbase 0.94.1
6.8
CVSSv2
CVE-2016-1866
Salt 2015.8.x prior to 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle malicious users to execute arbitrary code by inserting packets into the minion-master data stream.
Saltstack Salt 2015.8.3
Saltstack Salt 2015.8.1
Saltstack Salt 2015.8.2
Saltstack Salt 2015.8.0
Opensuse Leap 42.1
4.3
CVSSv2
CVE-2017-1000402
Jenkins Swarm Plugin Client 3.4 and previous versions bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks.
Jenkins Swarm
6.8
CVSSv2
CVE-2020-8156
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.
Nextcloud Nextcloud Mail
Fedoraproject Fedora 32
NA
CVE-2023-47257
ConnectWise ScreenConnect up to and including 23.8.4 allows man-in-the-middle malicious users to achieve remote code execution via crafted messages.
Connectwise Screenconnect
Connectwise Automate -
4.3
CVSSv2
CVE-2015-4190
Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle malicious users to modify data via unspecified vectors, aka Bug ID CSCuh19683.
Cisco Prime Service Catalog 9.4.1 Vortex
4.3
CVSSv2
CVE-2020-36473
UCWeb UC 12.12.3.1219 up to and including 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs.
Ucweb Ucweb Uc
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »