Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
man-in-the-middle vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2021-28124
A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 up to and including 6.5.1b. Missing server authentication in impacted versions can allow an malicious user to Man-in-the-middle (MITM) support channe...
Cohesity Cohesity Dataplatform
NA
CVE-2015-2968
LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.
Line Line\\@ 1.0.0
605
VMScore
CVE-2018-1000828
FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in ...
Frostwire Frostwire 6.1.6
Frostwire Frostwire 6.1.7
Frostwire Frostwire 6.1.8
Frostwire Frostwire 6.3.0
Frostwire Frostwire 6.3.1
Frostwire Frostwire 6.3.2
Frostwire Frostwire 6.3.7
Frostwire Frostwire 6.4.0
Frostwire Frostwire 6.4.7
Frostwire Frostwire 6.4.8
Frostwire Frostwire 6.6.0
Frostwire Frostwire 6.6.1
Frostwire Frostwire 6.6.2
Frostwire Frostwire 1.9.9
Frostwire Frostwire 6.2.0
Frostwire Frostwire 6.2.1
Frostwire Frostwire 6.3.3
Frostwire Frostwire 6.3.6
Frostwire Frostwire 6.4.1
Frostwire Frostwire 6.4.3
Frostwire Frostwire 6.4.5
Frostwire Frostwire 6.4.6
NA
CVE-2015-0897
LINE for Android version 5.0.2 and previous versions and LINE for iOS version 5.0.0 and previous versions are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MIT...
Line Line
NA
CVE-2022-48307
It exists that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle ...
Palantir Magritte-ftp
NA
CVE-2022-36881
Jenkins Git client Plugin 3.11.0 and previous versions does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
Jenkins Git Client
NA
CVE-2021-43766
Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL cert...
Odyssey Project Odyssey 1.1
383
VMScore
CVE-2014-7203
libzmq (aka ZeroMQ/C++) 4.0.x prior to 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle malicious users to conduct replay attacks via unspecified vectors.
Zeromq Zeromq 4.0.2
Zeromq Zeromq 4.0.1
Zeromq Zeromq 4.0.4
Zeromq Zeromq 4.0.3
Zeromq Zeromq 4.0.0
516
VMScore
CVE-2013-6418
PyWBEM 0.7 and previous versions uses a separate connection to validate X.509 certificates, which allows man-in-the-middle malicious users to spoof a peer via an arbitrary certificate.
Pywbem Project Pywbem
NA
CVE-2023-4586
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
Redhat Data Grid 8.0.0
Infinispan Hot Rod -
2 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »