CVE-2022-26491

A flaw was found in Pidgin. This issue allows the performance of a man-in-the-middle attack MITM against a client via DNS spoofing if the XMPP connections are not using the Domain Name System Security Extensions DNSSEC...

CVE-2022-1434

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

OpenSSL 加密问题漏洞

OpenSSL is an open source general-purpose cryptographic library from the Openssl team capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. The product supports multiple encryption algorithms, including symmetric ciphers, hashing algorithms, secure...

Google Android Trust Management Issues Vulnerability (CNVD-2022-33102)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a trust management issue vulnerability that stems from a certificate validation error in A-GPS. A remote attacker can exploit this vulnerability to perform MitM attacks...

CVE-2022-27048

A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle MITM attack on the device. This affects MGate MB3170 Series Firmware Version 4.2 or lower. and MGate MB3270 Series Firmware Version 4.2 or lower. and MGate MB3280 Series Firmware Version 4.1 ...

Design/Logic Flaw

A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle MITM attack on the device. This affects MGate MB3170 Series Firmware Version 4.2 or lower. and MGate MB3270 Series Firmware Version 4.2 or lower. and MGate MB3280 Series Firmware Version 4.1 ...

CVE-2022-27048

CVE-2022-27048 affects Moxa MGate protocol gateways (MB3170, MB3270, MB3280, MB3480) with firmware versions at or below 4.2/4.1/3.2 depending on model, where a MITM vulnerability is possible via network-facing components. The issue is described as enabling a man-in-the-middle attack on vulnerable...

CVE-2022-27048

A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle MITM attack on the device. This affects MGate MB3170 Series Firmware Version 4.2 or lower. and MGate MB3270 Series Firmware Version 4.2 or lower. and MGate MB3280 Series Firmware Version 4.1 ...

PAN-OS: Denial-of-Service (DoS) Vulnerability in DNS Proxy

An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle MITM to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to...

totolink EX300_v2 Command Injection Vulnerability (CNVD-2022-54662)

TotoLink EX300 is a 300 Mbps wireless N range extender from TotoLink China.TotoLink EX300v2 V4.0.3c.140B20210429 version has a command injection vulnerability, which can be exploited by attackers to remotely execute code as root via MitM attack...

CVE-2022-22935

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master...

PYSEC-2022-172

An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master...

UBUNTU-CVE-2022-0123

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some of external CI services which makes it possible to perform MitM attacks on connections to these external services...

CVE-2022-0123

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some of external CI services which makes it possible to perform MitM attacks on connections to these external services...

OESA-2022-1598 postgresql-13 security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

SUSE SLES15 Security Update : buildah (SUSE-SU-2022:0770-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0770-1 advisory. - The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and...

CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix

It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name CN field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...

openSUSE 15 Security Update : buildah (openSUSE-SU-2022:0770-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0770-1 advisory. - The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in...

CVE-2021-3716

A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBDOPTSTRUCTUREDREPLY before proxying everything else a client sends to the server, potentially leading the client to terminat...