117 matches found
curl: [High] MITM via Insecure CA Path Handling in cURL (--capath, CURLOPT_CAPATH) (CWE-494: Download of Code Without Integrity Check)
Summary: The --capath option in cURL and CURLOPTCAPATH in libcurl accept any directory path without validation. If an attacker provides a custom CA path containing a fake root certificate, cURL will trust malicious HTTPS endpoints signed with that fake root. This allows for full Man-in-the-Middle...
Security update for openssh8.4
This update for openssh8.4 fixes the following issues: CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client bsc1237040. Other bugfixes: Fix usage of local accelerator cards via openssl-ibmca bsc1216474, bsc1218871. Add patches from upstream to change the default...
OpenBSD OpenSSH 6.8p1 - 9.9p1 MitM Vulnerability
OpenBSD OpenSSH is prone to a man-in-the-middle MitM vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2024-7570
Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user...
Advisory ROSA-SA-2025-2614
software: yt-dlp 2023.09.24 WASP: ROSA-CHROME packageevrstring: yt-dlp-2023.09.24-1 CVE-ID: CVE-2023-46121 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in yt-dlp allows an attacker to perform a MITM attack and gain access to a cookie. CVE-STATUS: The vulnerability has been resolved...
PT-2024-10115
Name of the Vulnerable Software and Affected Versions Erlang OTP versions 25.3.2.8 through 27.0 Erlang OTP version 26.2 Erlang OTP versions prior to 27.1.3 Description A regression in the ssl application of Erlang OTP causes a server or client to verify the peer even when incorrect extended key...
Debian: Security Advisory (DLA-3564-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PYSEC-2023-139
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle MITM attack. Attackers with...
Security Bulletin: OpenSSL vulnerability in Lenovo SAN Volume Controller and Storwize Family (CVE-2014-0224)
Summary Security Bulletin: Security bypass vulnerability in SAN Volume Controller and Storwize Family CVE-2014-0094 Vulnerability Details Security Bulletin --- Summary --- Security vulnerability in OpenSSL Vulnerability Details --- CVEID: CVE-2014-0224 DESCRIPTION : SSL/TLS MITM vulnerability An...
TLS certificate common name validation bypass
The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...
SUSE CVE-2015-0832
Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . dot character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.5...
SUSE CVE-2021-39358
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...
Teradici PCoIP Zero Clients 信任管理问题漏洞
Teradici PCoIP Zero Clients is an ultra-secure endpoint from Teradici Canada. It uses a highly integrated, specialized processor to transmit pixels, not data, to the user's desktop. A trust management issue vulnerability exists in Teradici PCoIP Zero Clients Firmware version 22.01.5, 22.04.1 and...
Fortinet FortiOS < 6.4 MitM (FG-IR-18-292)
An improper certificate validation vulnerability in FortiOS allows an adjacent, unauthenticated attacker to man-in-the-middle communication. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc...
Mageia: Security Advisory (MGASA-2022-0208)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2022-0208 Updated pidgin packages fix security vulnerability
MITM vulnerability when DNSSEC wasn't used CVE-2022-26491...
SUSE-SU-2022:1693-1 Security update for pidgin
This update for pidgin fixes the following issues: - CVE-2022-26491: Fixed MITM vulnerability when DNSSEC wasn't used bsc1199025...
SUSE-SU-2022:1665-1 Security update for pidgin
This update for pidgin fixes the following issues: - CVE-2022-26491: Fixed MITM vulnerability when DNSSEC wasn't used bsc1199025...
SUSE-SU-2022:1664-1 Security update for pidgin
This update for pidgin fixes the following issues: - CVE-2022-26491: Fixed MITM vulnerability when DNSSEC wasn't used bsc1199025...
Moxa MGate 安全漏洞
Moxa MGate is a series of Ethernet gateway products from Moxa China. A security vulnerability exists in the Moxa MGate that allows an attacker to perform a man-in-the-middle MITM attack on the device. This affects MGate MB3170 series firmware version 4.2 or lower. and MGate MB3270 series firmware...