1429 matches found
EUVD-2020-31250
OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account credentials in cleartext...
CVE-2023-31485
GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks...
CVE-2009-4510
The SSH service on the TANDBERG Video Communication Server VCS before X5.1 uses a fixed DSA key, which makes it easier for remote attackers to conduct man-in-the-middle attacks and spoof arbitrary servers via crafted SSH packets...
CVE-2021-33338
The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 6, exposes the CSRF token in URLs, which allows man-in-the-middle attackers to obtain the token and conduct Cross-Site Request Forgery CSRF attacks via the pauth parameter...
CVE-2021-31747
Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in updateapplet.php, which could lead to man-in-the-middle attacks...
CVE-2020-7213
Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallelsupdates.xml file on the http://update.parallels.com web site...
CVE-2024-34454
Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SSL certificates as though they came from a Root CA, because there is a secondary verification mechanism that only checks whether a CA is known and ignores the CA details and signature and because is accepted as a Common Name...
CVE-2025-23114
A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate...
CVE-2019-16546
Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks...
CVE-2025-1099
This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and ma...
PT-2025-48465
Name of the Vulnerable Software and Affected Versions Kerlink gateways versions prior to 5.10 Description Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, lacking HTTPS support. This absence of transport layer security enables a...
EUVD-2020-4421
Malware in sbrugna...
EUVD-2016-2826
Malware in sbrugna...
EUVD-2014-7377
Malware in sbrugna...
EUVD-2017-17878
Malware in sbrugna...
EUVD-2014-5834
Malware in sbrugna...
EUVD-2011-0564
Malware in sbrugna...
EUVD-2011-0651
Malware in sbrugna...
EUVD-2012-4823
Malware in sbrugna...
EUVD-2014-6569
Malware in sbrugna...