Total
47 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7480 | 1 Rootkit Hunter Project | 1 Rootkit Hunter | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution. | |||||
| CVE-2017-12735 | 1 Siemens | 2 Logo\!, Logo\! 8 Bm Firmware | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic. | |||||
| CVE-2017-6052 | 1 Hyundaiusa | 1 Blue Link | 2025-04-20 | 4.3 MEDIUM | 3.7 LOW |
| A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints. | |||||
| CVE-2017-15086 | 1 Redhat | 2 Enterprise Linux, Gluster Storage | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | |||||
| CVE-2017-15085 | 1 Redhat | 2 Enterprise Linux, Gluster Storage | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | |||||
| CVE-2017-9941 | 1 Siemens | 1 Sipass Integrated | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker in a Man-in-the-Middle position between the SiPass integrated server and SiPass integrated clients to read or modify the network communication. | |||||
| CVE-2017-6870 | 1 Siemens | 1 Simatic Wincc Sm\@rtclient | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol implementation could allow an attacker to read and modify data within a TLS session while performing a Man-in-the-Middle (MitM) attack. | |||||
| CVE-2024-50565 | 2025-04-08 | N/A | 3.1 LOW | ||
| A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15 and 2.0.0 through 2.0.14, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2, 6.4.0 through 6.4.8 and 6.0.0 through 6.0.12 and Fortinet FortiWeb version 7.4.0 through 7.4.2, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10 allows an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device | |||||
| CVE-2023-38272 | 2025-03-28 | N/A | 5.9 MEDIUM | ||
| IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 could allow a user with access to the network to obtain sensitive information from CLI arguments. | |||||
| CVE-2019-19751 | 2025-03-28 | N/A | 5.6 MEDIUM | ||
| easyMINE before 2019-12-05 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. | |||||
| CVE-2024-12602 | 1 Huawei | 1 Harmonyos | 2025-03-17 | N/A | 6.2 MEDIUM |
| Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-2190 | 2025-03-11 | N/A | 8.1 HIGH | ||
| The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks. | |||||
| CVE-2024-47258 | 2025-02-21 | N/A | 8.1 HIGH | ||
| 2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices. 2N has currently released an updated version 3.3 of 2N Access Commander, with added Certificate Fingerprint Verification. Since version 2.2 of 2N Access Commander (released in February 2022) it is also possible to enforce TLS certificate validation.It is recommended that all customers update 2N Access Commander to the latest version and use one of two mentioned practices. | |||||
| CVE-2024-36553 | 2025-02-10 | N/A | 8.1 HIGH | ||
| Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h is vulnerable to MITM attack. | |||||
| CVE-2024-27263 | 2025-01-28 | N/A | 5.3 MEDIUM | ||
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques. | |||||
| CVE-2024-32049 | 1 F5 | 1 Big-ip Next Central Manager | 2024-12-12 | N/A | 7.4 HIGH |
| BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-7008 | 2 Debian, Systemd Project | 2 Debian Linux, Systemd | 2024-11-22 | N/A | 5.9 MEDIUM |
| A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. | |||||
| CVE-2024-31206 | 2024-11-21 | N/A | 8.2 HIGH | ||
| dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In `dectalk-tts@1.0.0`, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a man-in-the-middle (MITM) attack. The network request was upgraded to HTTPS in version `1.0.1`. There are no workarounds, but some precautions include not sending any sensitive information and carefully verifying the API response before saving it. | |||||
| CVE-2023-4885 | 1 Open5gs | 1 Open5gs | 2024-11-21 | N/A | 6.5 MEDIUM |
| Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information. | |||||
| CVE-2023-32634 | 1 Softether | 1 Vpn | 2024-11-21 | N/A | 7.8 HIGH |
| An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability. | |||||