Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
man-in-the-middle vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-29475
An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trig...
Goabode Iota All-in-one Security Kit Firmware 6.9z
Goabode Iota All-in-one Security Kit Firmware 6.9x
4.3
CVSSv2
CVE-2021-38372
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS.
Kde Trojita 0.7
NA
CVE-2015-0897
LINE for Android version 5.0.2 and previous versions and LINE for iOS version 5.0.0 and previous versions are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MIT...
Line Line
6.8
CVSSv2
CVE-2018-1000828
FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in ...
Frostwire Frostwire 6.1.6
Frostwire Frostwire 6.1.7
Frostwire Frostwire 6.1.8
Frostwire Frostwire 6.3.0
Frostwire Frostwire 6.3.1
Frostwire Frostwire 6.3.2
Frostwire Frostwire 6.3.7
Frostwire Frostwire 6.4.0
Frostwire Frostwire 6.4.7
Frostwire Frostwire 6.4.8
Frostwire Frostwire 6.6.0
Frostwire Frostwire 6.6.1
Frostwire Frostwire 6.6.2
Frostwire Frostwire 1.9.9
Frostwire Frostwire 6.2.0
Frostwire Frostwire 6.2.1
Frostwire Frostwire 6.3.3
Frostwire Frostwire 6.3.6
Frostwire Frostwire 6.4.1
Frostwire Frostwire 6.4.3
Frostwire Frostwire 6.4.5
Frostwire Frostwire 6.4.6
NA
CVE-2022-48307
It exists that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle ...
Palantir Magritte-ftp
NA
CVE-2022-36881
Jenkins Git client Plugin 3.11.0 and previous versions does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
Jenkins Git Client
4.3
CVSSv2
CVE-2014-7203
libzmq (aka ZeroMQ/C++) 4.0.x prior to 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle malicious users to conduct replay attacks via unspecified vectors.
Zeromq Zeromq 4.0.2
Zeromq Zeromq 4.0.1
Zeromq Zeromq 4.0.4
Zeromq Zeromq 4.0.3
Zeromq Zeromq 4.0.0
5.8
CVSSv2
CVE-2013-6418
PyWBEM 0.7 and previous versions uses a separate connection to validate X.509 certificates, which allows man-in-the-middle malicious users to spoof a peer via an arbitrary certificate.
Pywbem Project Pywbem
NA
CVE-2021-43766
Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL cert...
Odyssey Project Odyssey 1.1
NA
CVE-2023-4586
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
Redhat Data Grid 8.0.0
Infinispan Hot Rod -
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »