Lucene search
+L

117 matches found

hackerone
hackerone
added 2025/05/01 5:57 a.m.8 views

curl: [High] MITM via Insecure CA Path Handling in cURL (--capath, CURLOPT_CAPATH) (CWE-494: Download of Code Without Integrity Check)

Summary: The --capath option in cURL and CURLOPTCAPATH in libcurl accept any directory path without validation. If an attacker provides a custom CA path containing a fake root certificate, cURL will trust malicious HTTPS endpoints signed with that fake root. This allows for full Man-in-the-Middle...

9.8CVSS7.2AI score0.04325EPSS
Exploits1
suse
suse
added 2025/02/28 2:39 p.m.3 views

Security update for openssh8.4

This update for openssh8.4 fixes the following issues: CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client bsc1237040. Other bugfixes: Fix usage of local accelerator cards via openssl-ibmca bsc1216474, bsc1218871. Add patches from upstream to change the default...

6.8CVSS7.1AI score0.06997EPSS
Exploits4References20
openvas
openvas
added 2025/02/18 12:0 a.m.84 views

OpenBSD OpenSSH 6.8p1 - 9.9p1 MitM Vulnerability

OpenBSD OpenSSH is prone to a man-in-the-middle MitM vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.8CVSS6AI score0.38474EPSS
Exploits5References6
redhatcve
redhatcve
added 2025/02/05 11:58 a.m.9 views

CVE-2024-7570

Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user...

8.3CVSS6.5AI score0.00542EPSS
Exploits0References1
rosalinux
rosalinux
added 2025/01/28 12:37 p.m.11 views

Advisory ROSA-SA-2025-2614

software: yt-dlp 2023.09.24 WASP: ROSA-CHROME packageevrstring: yt-dlp-2023.09.24-1 CVE-ID: CVE-2023-46121 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in yt-dlp allows an attacker to perform a MITM attack and gain access to a cookie. CVE-STATUS: The vulnerability has been resolved...

5CVSS6.9AI score0.00318EPSS
Exploits0
ptsecurity
ptsecurity
added 2024/12/05 12:0 a.m.2 views

PT-2024-10115

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 25.3.2.8 through 27.0 Erlang OTP version 26.2 Erlang OTP versions prior to 27.1.3 Description A regression in the ssl application of Erlang OTP causes a server or client to verify the peer even when incorrect extended key...

5.5CVSS5.8AI score0.00251EPSS
Exploits0References17
openvas
openvas
added 2023/09/13 12:0 a.m.11 views

Debian: Security Advisory (DLA-3564-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.5AI score0.00962EPSS
Exploits1References3
pypa
pypa
added 2023/08/04 4:15 p.m.8 views

PYSEC-2023-139

Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle MITM attack. Attackers with...

9.3CVSS6.8AI score0.00229EPSS
Exploits0References8Affected Software1
ibm
ibm
added 2023/03/29 1:48 a.m.45 views

Security Bulletin: OpenSSL vulnerability in Lenovo SAN Volume Controller and Storwize Family (CVE-2014-0224)

Summary Security Bulletin: Security bypass vulnerability in SAN Volume Controller and Storwize Family CVE-2014-0094 Vulnerability Details Security Bulletin --- Summary --- Security vulnerability in OpenSSL Vulnerability Details --- CVEID: CVE-2014-0224 DESCRIPTION : SSL/TLS MITM vulnerability An...

7.4CVSS7.6AI score0.99614EPSS
Exploits16
rustsec
rustsec
added 2023/03/24 12:0 p.m.18 views

TLS certificate common name validation bypass

The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...

7AI score
Exploits0Affected Software1
susecve
susecve
added 2023/02/15 5:22 a.m.4 views

SUSE CVE-2015-0832

Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . dot character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.5...

5CVSS8.6AI score0.01052EPSS
Exploits0References5
susecve
susecve
added 2023/02/15 3:38 a.m.4 views

SUSE CVE-2021-39358

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

7.5CVSS6.1AI score0.00708EPSS
Exploits0References4
cnnvd
cnnvd
added 2022/07/28 12:0 a.m.6 views

Teradici PCoIP Zero Clients 信任管理问题漏洞

Teradici PCoIP Zero Clients is an ultra-secure endpoint from Teradici Canada. It uses a highly integrated, specialized processor to transmit pixels, not data, to the user's desktop. A trust management issue vulnerability exists in Teradici PCoIP Zero Clients Firmware version 22.01.5, 22.04.1 and...

8.1CVSS7.7AI score0.00531EPSS
Exploits0References2
nessus
nessus
added 2022/06/16 12:0 a.m.67 views

Fortinet FortiOS < 6.4 MitM (FG-IR-18-292)

An improper certificate validation vulnerability in FortiOS allows an adjacent, unauthenticated attacker to man-in-the-middle communication. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc...

5.4CVSS5.1AI score0.00479EPSS
Exploits0References2
openvas
openvas
added 2022/05/30 12:0 a.m.13 views

Mageia: Security Advisory (MGASA-2022-0208)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS5.8AI score0.02419EPSS
Exploits0References7
osv
osv
added 2022/05/28 8:56 a.m.4 views

MGASA-2022-0208 Updated pidgin packages fix security vulnerability

MITM vulnerability when DNSSEC wasn't used CVE-2022-26491...

5.9CVSS5.6AI score0.02419EPSS
Exploits0References6
osv
osv
added 2022/05/17 7:13 a.m.1 views

SUSE-SU-2022:1693-1 Security update for pidgin

This update for pidgin fixes the following issues: - CVE-2022-26491: Fixed MITM vulnerability when DNSSEC wasn't used bsc1199025...

5.9CVSS5.7AI score0.02419EPSS
Exploits0References3
osv
osv
added 2022/05/16 8:1 a.m.3 views

SUSE-SU-2022:1665-1 Security update for pidgin

This update for pidgin fixes the following issues: - CVE-2022-26491: Fixed MITM vulnerability when DNSSEC wasn't used bsc1199025...

5.9CVSS5.7AI score0.02419EPSS
Exploits0References3
osv
osv
added 2022/05/16 8:1 a.m.2 views

SUSE-SU-2022:1664-1 Security update for pidgin

This update for pidgin fixes the following issues: - CVE-2022-26491: Fixed MITM vulnerability when DNSSEC wasn't used bsc1199025...

5.9CVSS5.7AI score0.02419EPSS
Exploits0References3
cnnvd
cnnvd
added 2022/04/15 12:0 a.m.51 views

Moxa MGate 安全漏洞

Moxa MGate is a series of Ethernet gateway products from Moxa China. A security vulnerability exists in the Moxa MGate that allows an attacker to perform a man-in-the-middle MITM attack on the device. This affects MGate MB3170 series firmware version 4.2 or lower. and MGate MB3270 series firmware...

7.4CVSS7.3AI score0.00769EPSS
Exploits0References2
Rows per page
Query Builder