man-in-the-middle vulnerabilities and exploits
4.3
CVSSv2
CVE-2014-7202
stream_engine.cpp in libzmq (aka ZeroMQ/C++) 4.0.5 prior to 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request.
Zeromq Zeromq 4.0.0
Zeromq Zeromq 4.0.4
NA
CVE-2015-2968
LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.
Line Line@ 1.0.0
NA
CVE-2015-0897
LINE for Android version 5.0.2 and previous versions and LINE for iOS version 5.0.0 and previous versions are vulnerable to MITM (man-in-the-middle) attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MIT...
Line Line
6.8
CVSSv2
CVE-2018-1000828
FrostWire version <= frostwire-desktop-6.7.4-build-272 contains an XML External Entity (XXE) vulnerability in Man in the middle on update that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via Man in ...
Frostwire Frostwire 6.1.6
Frostwire Frostwire 6.1.7
Frostwire Frostwire 6.1.8
Frostwire Frostwire 6.3.0
Frostwire Frostwire 6.3.1
Frostwire Frostwire 6.3.2
Frostwire Frostwire 6.3.7
Frostwire Frostwire 6.4.0
Frostwire Frostwire 6.4.7
Frostwire Frostwire 6.4.8
Frostwire Frostwire 6.6.0
Frostwire Frostwire 6.6.1
Frostwire Frostwire 6.6.2
Frostwire Frostwire 1.9.9
Frostwire Frostwire 6.2.0
Frostwire Frostwire 6.2.1
Frostwire Frostwire 6.3.3
Frostwire Frostwire 6.3.6
Frostwire Frostwire 6.4.1
Frostwire Frostwire 6.4.3
Frostwire Frostwire 6.4.5
Frostwire Frostwire 6.4.6
NA
CVE-2022-48307
It was found that Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle ...
Palantir Magritte-ftp
NA
CVE-2022-36881
Jenkins Git client Plugin 3.11.0 and previous versions do not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
Jenkins Git Client
5.8
CVSSv2
CVE-2013-6418
PyWBEM 0.7 and previous versions use a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate.
Pywbem Project Pywbem
4.3
CVSSv2
CVE-2014-7203
libzmq (aka ZeroMQ/C++) 4.0.x prior to 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors.
Zeromq Zeromq 4.0.2
Zeromq Zeromq 4.0.1
Zeromq Zeromq 4.0.4
Zeromq Zeromq 4.0.3
Zeromq Zeromq 4.0.0
NA
CVE-2021-43766
Odyssey passes to server unencrypted bytes from man-in-the-middle. When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL cert...
Odyssey Project Odyssey 1.1
NA
CVE-2023-4586
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
Redhat Data Grid 8.0.0
Infinispan Hot Rod -
2 Github repositories