Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
man-in-the-middle vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2015-2968
LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.
Line Line\\@ 1.0.0
3.7
CVSSv3
CVE-2021-38372
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS.
Kde Trojita 0.7
9
CVSSv3
CVE-2018-1000828
FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in ...
Frostwire Frostwire 6.1.6
Frostwire Frostwire 6.1.7
Frostwire Frostwire 6.1.8
Frostwire Frostwire 6.3.0
Frostwire Frostwire 6.3.1
Frostwire Frostwire 6.3.2
Frostwire Frostwire 6.3.7
Frostwire Frostwire 6.4.0
Frostwire Frostwire 6.4.7
Frostwire Frostwire 6.4.8
Frostwire Frostwire 6.6.0
Frostwire Frostwire 6.6.1
Frostwire Frostwire 6.6.2
Frostwire Frostwire 1.9.9
Frostwire Frostwire 6.2.0
Frostwire Frostwire 6.2.1
Frostwire Frostwire 6.3.3
Frostwire Frostwire 6.3.6
Frostwire Frostwire 6.4.1
Frostwire Frostwire 6.4.3
Frostwire Frostwire 6.4.5
Frostwire Frostwire 6.4.6
5.9
CVSSv3
CVE-2015-0897
LINE for Android version 5.0.2 and previous versions and LINE for iOS version 5.0.0 and previous versions are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MIT...
Line Line
3.7
CVSSv3
CVE-2022-48307
It exists that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle ...
Palantir Magritte-ftp
8.1
CVSSv3
CVE-2022-36881
Jenkins Git client Plugin 3.11.0 and previous versions does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
Jenkins Git Client
NA
CVE-2013-6418
PyWBEM 0.7 and previous versions uses a separate connection to validate X.509 certificates, which allows man-in-the-middle malicious users to spoof a peer via an arbitrary certificate.
Pywbem Project Pywbem
NA
CVE-2014-7203
libzmq (aka ZeroMQ/C++) 4.0.x prior to 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle malicious users to conduct replay attacks via unspecified vectors.
Zeromq Zeromq 4.0.2
Zeromq Zeromq 4.0.1
Zeromq Zeromq 4.0.4
Zeromq Zeromq 4.0.3
Zeromq Zeromq 4.0.0
8.1
CVSSv3
CVE-2021-43766
Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL cert...
Odyssey Project Odyssey 1.1
7.4
CVSSv3
CVE-2023-4586
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
Redhat Data Grid 8.0.0
Infinispan Hot Rod -
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »