Lucene search
K

117 matches found

CVE
CVE
added 2022/03/23 12:0 a.m.3636 views

CVE-2021-3618

ALPACA (CVE-2021-3618) is an application-layer protocol content confusion attack affecting multiple assets (e.g., nginx, vsftpd, sendmail) where TLS servers configured for different protocols with compatible certificates can allow a MITM attacker to redirect subdomain traffic to another, potentia...

7.4CVSS7.5AI score0.02037EPSS
Exploits0References3Affected Software1
Fortinet
Fortinet
added 2021/12/07 12:0 a.m.51 views

FortiClientEMS & FortiClient - Telemetry protocol is vulnerable to a MitM Vulnerability

A combination of a use of hard-coded cryptographic key vulnerability CWE-321 in FortiClientEMS and an improper certificate validation vulnerability CWE-297 in FortiClientWindows, FortiClientLinux and FortiClientMac may allow an unauthenticated and network adjacent attacker to perform a...

5.4CVSS4.2AI score0.00213EPSS
Exploits0Affected Software4
OSV
OSV
added 2021/10/13 7:39 p.m.8 views

MGASA-2021-0472 Updated grilo packages fix security vulnerability

Michael Catanzaro reported a problem in Grilo, a framework for discovering and browsing media. TLS certificate verification is not enabled on the SoupSessionAsync objects created by Grilo, leaving users vulnerable to network MITM attacks...

5.9CVSS5.9AI score0.00866EPSS
Exploits0References5
OSV
OSV
added 2021/08/22 7:15 p.m.1 views

UBUNTU-CVE-2021-39361

In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

5.9CVSS6.3AI score0.00557EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2021/07/30 12:0 a.m.7 views

In words.protocols.jabber.xmlstream in Twisted through 19.2.1 XMPP support did not verify certificates when used with TLS allowing an attacker to MITM connections.

...

7.4CVSS9.5AI score0.01817EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2021/07/12 12:0 a.m.7 views

PT-2021-20922 · Openvpn · Openvpn 3 Core Library

Name of the Vulnerable Software and Affected Versions: OpenVPN 3 Core Library versions 3.6 through 3.6.1 Description: The issue allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the...

7.4CVSS7.4AI score0.00972EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/03/16 11:57 a.m.3 views

mongo-java-driver: client-side field level encryption not verifying KMS host name

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.8CVSS5.8AI score0.00432EPSS
Exploits0References4
OSV
OSV
added 2020/12/02 1:15 a.m.3 views

DEBIAN-CVE-2012-0955

software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fix...

7.4CVSS7.4AI score0.00607EPSS
Exploits1References1
VMware
VMware
added 2020/10/20 12:0 a.m.113 views

VMware ESXi, Workstation, Fusion and NSX-T updates address multiple security vulnerabilities (CVE-2020-3981, CVE-2020-3982, CVE-2020-3992, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995)

3a. ESXi OpenSLP remote code execution vulnerability CVE-2020-3992 OpenSLP as used in ESXi has a use-after-free issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. 3b. NSX-T MITM vulnerability CVE-2020-3993 VMware...

10CVSS7.8AI score0.83015EPSS
Exploits2References31Affected Software8
RedHat Linux
RedHat Linux
added 2020/10/13 4:50 p.m.3 views

cxf: JMX integration is vulnerable to a MITM attack

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle MITM style attack. An...

5.3CVSS7.4AI score0.06147EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/31 3:40 p.m.5 views

cxf: JMX integration is vulnerable to a MITM attack

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle MITM style attack. An...

5.3CVSS7.4AI score0.06147EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/07/09 12:0 a.m.29 views

Atlassian Jira < 7.13.14 / 8.5.x < 8.5.5 / 8.8.x < 8.8.2 / 8.9.0 < 8.9.1 MitM (JRASERVER-71198)

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.13.14, or version 8.5.x prior to 8.5.5, 8.8.x prior to 8.8.2, or 8.9.x prior to 8.9.1. It is, therefore, affected by a man-in-the-middle MitM vulnerability in the email clie...

5.9CVSS5.9AI score0.0168EPSS
Exploits0References5
NVD
NVD
added 2020/07/01 2:15 a.m.24 views

CVE-2020-14168

The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle MITM vulnerability...

5.9CVSS0.0168EPSS
Exploits0References1
CVE
CVE
added 2020/07/01 1:35 a.m.89 views

CVE-2020-14168

The MITM vulnerability CVE-2020-14168 affects Jira Server and Data Center’s email client. Affected: Jira versions prior to 7.13.16; 8.5.x before 8.5.7; 8.8.x before 8.8.2; 8.9.x before 8.9.1. Impact: remote attackers could access outgoing emails between a Jira instance and the SMTP server. Remedi...

5.9CVSS5.5AI score0.0168EPSS
Exploits0References1Affected Software4
OSV
OSV
added 2020/05/13 7:46 a.m.6 views

SUSE-SU-2020:1264-1 Security update for openconnect

This update for openconnect fixes the following issue: Security issue fixed: - CVE-2020-12105: Fixed the improper handling of negative return values from X509check function calls that might have allowed MITM attacks bsc1170452. Non-security issue fixed: - This is a rebuild to have a higher versio...

5.9CVSS6.5AI score0.01695EPSS
Exploits0References4
OSV
OSV
added 2020/04/27 4:15 p.m.2 views

UBUNTU-CVE-2020-9488

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1...

3.7CVSS6.7AI score0.08096EPSS
Exploits0References6
NVD
NVD
added 2019/12/19 1:15 a.m.39 views

CVE-2019-15006

There was a man-in-the-middle MITM vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence...

6.5CVSS6.3AI score0.01905EPSS
Exploits0References5
Cvelist
Cvelist
added 2019/12/19 12:50 a.m.47 views

CVE-2019-15006

There was a man-in-the-middle MITM vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence...

6.3AI score0.01905EPSS
Exploits0References5
Huawei
Huawei
added 2019/05/17 12:0 a.m.120 views

Security Advisory - MITM Vulnerability on Huawei Share

There is a man-in-the-middleMITM vulnerability on Huawei Share of certain smartphones. When users establish connection and transfer data through Huawei Share, an attacker could sniffer, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attac...

6.8CVSS6.4AI score0.00329EPSS
Exploits0Affected Software22
OpenVAS
OpenVAS
added 2018/08/02 12:0 a.m.52 views

Burp Suite < 1.7.34 'Collaborator server certificate' MITM Vulnerability - Mac OS X

Burp Suite Community Edition is prone to a man-in-the-middle MITM vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.9CVSS5.7AI score0.00876EPSS
Exploits0References2
Rows per page
Query Builder