CVE Daily
← All tags

Tag: Mitm

All CVEs associated with "Mitm". Page 32/32 • 3809 CVEs.

Subscribe CVEs: RSS for “Mitm”  ·  RSS (High+Critical only)

About “Mitm”

A curated feed of “Mitm”-related CVEs appears below. We currently track 3809 CVEs for this tag (all time). In the last 365 days, 218 were published. Average CVSS is 6.1 (all time; 6.6 over 365d), and 25% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-295 - Improper Certificate Validation, CWE-319 - Cleartext Transmission of Sensitive Information, CWE-297 - Improper Validation of Certificate with Host Mismatch.

In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2008-08-18
Low

CVE-2008-3270

yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle att…

CVSS: 2.6 CWE: CWE-310 View on NVD
High

CVE-2008-3324

The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse up…

CVSS: 8.1 CWE: CWE-494 - Download of Code Without Integrity Check View on NVD
2008-08-01
Critical

CVE-2007-2952

Multiple stack-based buffer overflows in the filter service (aka k9filter.exe) in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow (1) remote attackers to execute arbitrary code via a long…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2008-3433

SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse upd…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2008-3434

Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilg…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2008-3435

LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2008-3436

The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse up…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2008-3437

OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated b…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2008-3438

Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS…

CVSS: 8.1 CWE: CWE-494 - Download of Code Without Integrity Check View on NVD
High

CVE-2008-3439

SpeedBit Video Acceleration before 2.2.1.8 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demon…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2008-3440

Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Tro…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2008-3441

Nullsoft Winamp before 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evil…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2008-3442

WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2008-07-28
High

CVE-2008-3323

setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a pa…

CVSS: 7.6 CWE: CWE-20 - Improper Input Validation View on NVD
2008-07-18
Medium

CVE-2008-3217

PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NO…

CVSS: 6.8 CWE: CWE-189 View on NVD
2008-07-08
Critical

CVE-2008-1454

Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to acce…

CVSS: 9.4 CWE: N/A View on NVD
2008-07-07
High

CVE-2008-1676

Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certific…

CVSS: 7.5 CWE: CWE-255 View on NVD
2008-04-30
Medium

CVE-2008-2011

Cross-site scripting (XSS) vulnerability in the National Rail Enquiries Live Departure Boards gadget before 1.1 allows remote National Rail Enquiries servers or man-in-the-middle attackers to inject…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2008-03-04
Medium

CVE-2008-1146

A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive valu…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2008-1148

A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attacke…

CVSS: 6.8 CWE: N/A View on NVD
2008-03-03
High

CVE-2008-1113

Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed…

CVSS: 7.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2008-1114

Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashe…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
2008-02-08
Critical

CVE-2008-0640

Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute a…

CVSS: 10.0 CWE: CWE-287 - Improper Authentication View on NVD
2007-12-19
Critical

CVE-2007-5863

Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution d…

CVSS: 9.3 CWE: CWE-310 View on NVD
2007-12-13
Critical

CVE-2007-6330

Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which…

CVSS: 10.0 CWE: N/A View on NVD
2007-12-05
Medium

CVE-2007-5355

The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a s…

CVSS: 5.8 CWE: N/A View on NVD
2007-11-15
Medium

CVE-2007-4680

CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.

CVSS: 6.8 CWE: CWE-287 - Improper Authentication View on NVD
2007-11-14
Medium

CVE-2007-5770

The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches th…

CVSS: 5.0 CWE: CWE-287 - Improper Authentication View on NVD
2007-10-14
Medium

CVE-2007-5195

Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials…

CVSS: 6.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2007-5196

Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2007-10-01
Medium

CVE-2007-5162

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the doma…

CVSS: 4.3 CWE: CWE-287 - Improper Authentication View on NVD
2007-09-27
Medium

CVE-2007-3754

Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-…

CVSS: 4.3 CWE: CWE-287 - Improper Authentication View on NVD
2007-08-31
Medium

CVE-2007-4613

SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle a…

CVSS: 6.8 CWE: CWE-310 View on NVD
2007-08-17
High

CVE-2007-4389

Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as…

CVSS: 7.8 CWE: N/A View on NVD
2007-07-24
Medium

CVE-2007-2926

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it ea…

CVSS: 4.3 CWE: N/A View on NVD
2007-06-29
Medium

CVE-2007-3499

SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as evidence of a valid signature, which allows remote Slackware mirror sites or man-in-the-middle attackers to cause a denial of service (…

CVSS: 6.4 CWE: N/A View on NVD
2007-06-21
High

CVE-2007-3319

The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which al…

CVSS: 7.5 CWE: N/A View on NVD
2007-06-11
Critical

CVE-2007-3150

Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refre…

CVSS: 9.3 CWE: N/A View on NVD
2007-06-04
Medium

CVE-2007-2513

Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack.

CVSS: 4.3 CWE: N/A View on NVD
2007-05-11
High

CVE-2007-2593

The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly condu…

CVSS: 7.5 CWE: N/A View on NVD
2007-04-30
High

CVE-2006-7199

EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a le…

CVSS: 8.5 CWE: N/A View on NVD
2007-04-16
Low

CVE-2007-1558

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level…

CVSS: 2.6 CWE: N/A View on NVD
2007-03-24
Critical

CVE-2007-1644

The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to chang…

CVSS: 10.0 CWE: N/A View on NVD
2007-02-26
High

CVE-2007-1099

dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.

CVSS: 7.5 CWE: N/A View on NVD
2007-02-20
Low

CVE-2007-1008

Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes r…

CVSS: 2.6 CWE: N/A View on NVD
2007-01-23
Medium

CVE-2007-0411

BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM)…

CVSS: 6.8 CWE: N/A View on NVD
2006-12-31
High

CVE-2006-5867

fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive in…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2006-12-20
Low

CVE-2006-6477

FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and configured to use only HTTP, allows local users to modify requests and responses between a client and an agent b…

CVSS: 2.4 CWE: N/A View on NVD
2006-11-21
Medium

CVE-2006-5990

VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 ce…

CVSS: 4.0 CWE: CWE-20 - Improper Input Validation View on NVD
2006-11-06
Medium

CVE-2006-5746

The console in AirMagnet Enterprise before 7.5 build 6307 does not properly validate the Enterprise Server certificate, which allows remote attackers to read network traffic via a man-in-the-middle (…

CVSS: 6.4 CWE: N/A View on NVD
2006-08-31
Medium

CVE-2006-4499

ModernBill 5.0.4 and earlier uses cURL with insecure settings for CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST that do not verify SSL certificates, which allows remote attackers to read network…

CVSS: 5.0 CWE: N/A View on NVD
2006-07-07
Medium

CVE-2006-3415

Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors.

CVSS: 6.4 CWE: N/A View on NVD
2006-06-01
Medium

CVE-2006-2703

The RedCarpet command-line client (rug) does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle (MITM) attac…

CVSS: 5.0 CWE: N/A View on NVD
2006-05-19
Medium

CVE-2006-2479

The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbi…

CVSS: 5.0 CWE: N/A View on NVD
2006-04-25
Medium

CVE-2006-0231

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and…

CVSS: 6.4 CWE: N/A View on NVD
2005-12-07
Medium

CVE-2005-4046

Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Serv…

CVSS: 4.0 CWE: N/A View on NVD
2005-11-01
Low

CVE-2005-3402

The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers t…

CVSS: 2.6 CWE: N/A View on NVD
2005-10-18
Medium

CVE-2005-2969

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preven…

CVSS: 5.0 CWE: N/A View on NVD
2005-09-02
Medium

CVE-2005-2779

The iTAN Online-Banking Security System allows remote attackers to obtain TAN numbers via a man-in-the-middle (MITM) attack while the transaction is taking place, which facilitates a "phishing" attac…

CVSS: 5.0 CWE: N/A View on NVD
2005-08-10
Low

CVE-2005-1982

Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle…

CVSS: 3.6 CWE: N/A View on NVD
2005-06-01
High

CVE-2005-1794

Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of le…

CVSS: 7.4 CWE: N/A View on NVD
2004-12-31
Medium

CVE-2004-2621

Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates…

CVSS: 4.0 CWE: N/A View on NVD
2004-10-18
Medium

CVE-2004-1611

SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to (1) execute arbitrary SLX commands on the server or spoof the s…

CVSS: 5.1 CWE: N/A View on NVD
2004-06-01
High

CVE-2004-0155

The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish…

CVSS: 7.5 CWE: N/A View on NVD
2004-03-23
Medium

CVE-2004-1855

Dark Age of Camelot before 1.68 live patch does not sign the RSA public key, which could allow remote malicious servers to gain sensitive information via a man-in-the-middle attack.

CVSS: 5.0 CWE: N/A View on NVD
2003-06-16
Medium

CVE-2003-0292

Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5.1 allows remote attackers to insert arbitrary web script or HTML into an error page that appears to come from the domain that th…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2003-0370

Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle atta…

CVSS: 7.5 CWE: N/A View on NVD
2003-04-22
Medium

CVE-2002-1471

The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote att…

CVSS: 5.0 CWE: N/A View on NVD
2003-04-11
High

CVE-2002-1407

TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-mid…

CVSS: 7.5 CWE: N/A View on NVD
2002-12-31
Medium

CVE-2002-1824

Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer cert…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2002-1937

Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2002-1955

Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote attackers to perform a man-in-the-middle attack.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2002-2125

Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could all…

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2002-2139

Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack.

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2002-2211

BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2002-2212

The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2002-2213

The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack th…

CVSS: 5.0 CWE: N/A View on NVD
2002-10-04
Medium

CVE-2002-0862

The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Ma…

CVSS: 6.8 CWE: CWE-295 - Improper Certificate Validation View on NVD
High

CVE-2002-1106

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which a…

CVSS: 7.5 CWE: N/A View on NVD
2002-09-24
High

CVE-2002-0970

The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of t…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2002-0978

Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to upload or download arbitrary files to arbitrary locations via a man-in-the-middle attack with modified TGT…

CVSS: 5.0 CWE: N/A View on NVD
2001-12-31
Medium

CVE-2001-1568

CMG WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the…

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2001-1569

Openwave WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-i…

CVSS: 6.4 CWE: N/A View on NVD
2001-10-18
High

CVE-2001-0737

A long 'synch' delay in Logitech wireless mice and keyboard receivers allows a remote attacker to hijack connections via a man-in-the-middle attack.

CVSS: 7.5 CWE: N/A View on NVD
2001-08-27
Medium

CVE-2001-1443

KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications vi…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2001-1444

The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to…

CVSS: 7.5 CWE: N/A View on NVD
2001-01-18
High

CVE-2001-1473

The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the tar…

CVSS: 7.5 CWE: CWE-310 View on NVD
2000-05-18
Medium

CVE-2000-0394

NetProwler 3.0 allows remote attackers to cause a denial of service by sending malformed IP packets that trigger NetProwler's Man-in-the-Middle signature.

CVSS: 5.0 CWE: N/A View on NVD
1997-08-13
Medium

CVE-1999-0024

DNS cache poisoning via BIND, by predictable query IDs.

CVSS: 5.0 CWE: N/A View on NVD