Total: 1088 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2022-45856 | 1 Fortinet | 2 Forticlient, Forticlientios | 2024-09-26 | 4.6 Medium | An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all versions, 7.0 all versions, 7.2.0 and FortiClientiOS 5.6 all versions, 6.0.0 through 6.0.1, 7.0.0 through 7.0.6 SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and both the service provider and the identity provider. |
| CVE-2023-4801 | 1 Proofpoint | 1 Insider Threat Management | 2024-09-25 | 7.5 High | An improper certificate validation vulnerability in the Insider Threat Management (ITM) Agent for macOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to 7.14.3.69 are affected. Agents for Windows, Linux, and Cloud are unaffected. |
| CVE-2023-38351 | 1 Minitool | 1 Partition Wizard | 2024-09-25 | 8.1 High | MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man-in-the-middle attack. |
| CVE-2023-38352 | 1 Minitool | 1 Partition Wizard | 2024-09-25 | 8.1 High | MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to achieve remote code execution through a man-in-the-middle attack. |
| CVE-2023-38353 | 1 Minitool | 1 Power Data Recovery | 2024-09-25 | 5.9 Medium | MiniTool Power Data Recovery version 11.6 and before contains an insecure in-app payment system that allows attackers to steal highly sensitive information through a man-in-the-middle attack. |
| CVE-2023-38354 | 1 Minitool | 1 Shadowmaker | 2024-09-25 | 8.1 High | MiniTool ShadowMaker version 4.1 contains an insecure installation process that allows attackers to achieve remote code execution through a man-in-the-middle attack. |
| CVE-2023-38355 | 1 Minitool | 1 Movie Maker | 2024-09-25 | 8.1 High | MiniTool Movie Maker 7.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man-in-the-middle attack. |
| CVE-2023-38356 | 1 Minitool | 1 Power Data Recovery | 2024-09-25 | 8.1 High | MiniTool Power Data Recovery 11.6 contains an insecure installation process that allows attackers to achieve remote code execution through a man-in-the-middle attack. |
| CVE-2024-8287 | 1 Canonical | 1 Anbox Cloud | 2024-09-24 | 7.5 High | Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take advantage of this. |
| CVE-2024-8007 | 1 Redhat | 2 Openstack, Openstack Platform | 2024-09-23 | 8.1 High | A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images by disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack. |
| CVE-2024-31872 | 1 Ibm | 1 Security Verify Access | 2024-09-20 | 7.5 High | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man-in-the-middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316. |
| CVE-2024-31489 | 1 Fortinet | 4 Forticlient, Forticlientlinux, Forticlientmac and 1 more | 2024-09-20 | 6.4 Medium | An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a man-in-the-middle attack on the communication channel between the FortiGate and the FortiClient during ZTNA tunnel creation. |
| CVE-2023-47742 | | | 2024-09-20 | 5.9 Medium | IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could disclose sensitive information using man-in-the-middle techniques due to not correctly enforcing all aspects of certificate validation in some circumstances. IBM X-Force ID: 272533. |
| CVE-2024-45159 | 1 Arm | 1 Mbed Tls | 2024-09-19 | 9.8 Critical | An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in its keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits clear. As a result, an attacker that had a certificate valid for uses other than TLS client authentication would nonetheless be able to use it for TLS client authentication. Only TLS 1.3 servers were affected, and only with optional authentication (with required authentication, the handshake would be aborted with a fatal alert). |
| CVE-2023-50178 | 1 Fortinet | 1 Fortiadc | 2024-09-19 | 7.2 High | An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a man-in-the-middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud. |
| CVE-2023-45613 | 1 Jetbrains | 1 Ktor | 2024-09-18 | 6.8 Medium | In JetBrains Ktor before 2.3.5, server certificates were not verified. |
| CVE-2023-5554 | 1 Linecorp | 1 Line | 2024-09-18 | 4.8 Medium | Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0. |
| CVE-2023-4499 | 1 Hp | 20 Elite Mt645, Mt21, Mt22 and 17 more | 2024-09-17 | 7.5 High | A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability. |
| CVE-2023-31580 | 1 Networknt | 1 Light-oauth2 | 2024-09-17 | 5.9 Medium | light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT. |
| CVE-2017-1000417 | 1 Matrixssl | 1 Matrixssl | 2024-09-17 | N/A | MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in the ExtKeyUsage extension) on X.509 certificates. |
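Most rows in this list (FortiClient, Proofpoint ITM, Anbox, Ktor, LINE, IBM) describe a TLS client that does not, or not fully, validate the peer certificate. The block below is an added example and not code from any of the listed products: it shows what that defect looks like in Python's stdlib `ssl` module, the common half-fix of keeping chain verification on while turning hostname checking off (a valid certificate for any other host still lets an on-path attacker in), the hardened configuration, and a small audit function a reviewer can run against an application's `SSLContext`. The function names and the `private_ca_pem` parameter are this example's own.

```python
"""Insecure, half-fixed and hardened TLS client contexts plus an SSLContext audit
(added example using only Python's stdlib ssl module, not any listed product's code)."""
from __future__ import annotations
import ssl

def insecure_context() -> ssl.SSLContext:
    """'Does not validate the TLS certificate': any certificate is accepted, so an
    on-path attacker terminates TLS with a self-signed certificate and reads everything."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be turned off before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def half_fixed_context() -> ssl.SSLContext:
    """Chain verification on, hostname check off: the chain must lead to a trusted CA,
    but a certificate for *any* name passes, so whoever holds a valid certificate
    for some other host can still sit in the middle."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def hardened_context(private_ca_pem: str | None = None) -> ssl.SSLContext:
    """Trusted chain + hostname match + TLS 1.2 or newer. With private_ca_pem the
    context trusts only that CA (not the system store), the right shape for an
    agent/server pair such as the Anbox or ITM cases above."""
    if private_ca_pem is None:
        ctx = ssl.create_default_context()             # CERT_REQUIRED, check_hostname=True, system CAs
    else:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # same defaults, but no CAs loaded yet
        ctx.load_verify_locations(cadata=private_ca_pem)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Weaknesses of a client SSLContext as short codes; an empty list means it looks right."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("no-cert-verification")
    if not ctx.check_hostname:
        findings.append("no-hostname-check")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("weak-min-version")
    return findings

if __name__ == "__main__":
    for name, make in (("insecure", insecure_context), ("half-fixed", half_fixed_context),
                       ("hardened", hardened_context)):
        print(f"{name:11s} {audit_context(make()) or 'no findings'}")
```

The half-fixed case is the one worth remembering when reading advisories that say "not correctly enforcing all aspects of certificate validation": chain validation alone does not bind the certificate to the host you meant to talk to.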
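The MatrixSSL row (collision-prone OID comparison in ExtKeyUsage) and the Mbed TLS row (keyUsage/extKeyUsage of a client certificate not reflected in the verify result) both turn on how the extKeyUsage extension is parsed and compared. The following is an added example, not code from MatrixSSL, Mbed TLS or any other listed project: a minimal DER parser for the extKeyUsage value, a deliberately collision-prone comparison beside the strict one, and the RFC 5280 client-authentication policy applied with each. The byte-sum comparison is a hypothetical scheme chosen to illustrate the weakness class, not a claim about MatrixSSL's actual code; the sample extension values and the OID 1.3.6.1.5.5.7.2.3 (picked because it collides under that scheme) are constructed here.

```python
"""extKeyUsage parsing with a collision-prone OID comparison beside the strict one (added example)."""
from __future__ import annotations

# Key purposes from RFC 5280 section 4.2.1.12, dotted form.
ID_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"
ID_KP_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"
ANY_EXTENDED_KEY_USAGE = "2.5.29.37.0"

def encode_oid(dotted: str) -> bytes:
    """DER content octets of an OBJECT IDENTIFIER (no tag/length)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid OID {dotted!r}")
    out = bytearray()
    for value in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [value & 0x7F]           # base-128; high bit set on all but the last byte
        while value := value >> 7:
            chunk.append(0x80 | (value & 0x7F))
        out.extend(reversed(chunk))
    return bytes(out)

def decode_oid(content: bytes) -> str:
    """Dotted form of OID content octets; rejects truncated or non-minimal encodings."""
    if not content or content[-1] & 0x80:
        raise ValueError("truncated OID")
    arcs, value = [], 0
    for b in content:
        if value == 0 and b == 0x80:
            raise ValueError("non-minimal base-128 encoding")
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = arcs.pop(0)
    arcs = ([first // 40, first % 40] if first < 80 else [2, first - 80]) + arcs
    return ".".join(map(str, arcs))

def _read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    """One DER TLV with definite length; returns (tag, content, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV content")
    return tag, buf[pos:pos + length], pos + length

def parse_ext_key_usage(der: bytes) -> list[bytes]:
    """ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId (an OID).
    Returns raw content octets so both comparisons below see identical input."""
    tag, seq, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("extKeyUsage must be exactly one SEQUENCE")
    oids, pos = [], 0
    while pos < len(seq):
        tag, content, pos = _read_tlv(seq, pos)
        if tag != 0x06:
            raise ValueError("KeyPurposeId must be an OBJECT IDENTIFIER")
        oids.append(content)
    if not oids:
        raise ValueError("extKeyUsage must list at least one purpose")
    return oids

def weak_oid_equal(a: bytes, b: bytes) -> bool:
    """Collision-prone (hypothetical): a checksum of the encoding, so distinct OIDs match."""
    return sum(a) == sum(b)

def strict_oid_equal(a: bytes, b: bytes) -> bool:
    """Correct: both decode as valid DER OIDs and the content octets are identical."""
    decode_oid(a), decode_oid(b)
    return a == b

def permits_client_auth(eku_der: bytes | None, compare=strict_oid_equal) -> bool:
    """RFC 5280 4.2.1.12: absent extKeyUsage allows any purpose; if present, TLS
    client authentication needs id-kp-clientAuth or anyExtendedKeyUsage."""
    if eku_der is None:
        return True
    wanted = [encode_oid(ID_KP_CLIENT_AUTH), encode_oid(ANY_EXTENDED_KEY_USAGE)]
    return any(compare(got, want) for got in parse_ext_key_usage(eku_der) for want in wanted)

def build_ext_key_usage(*dotted: str) -> bytes:
    """DER-encode an extKeyUsage value (short-form lengths); used only to build samples."""
    body = b"".join(bytes([0x06, len(c)]) + c for c in map(encode_oid, dotted))
    return bytes([0x30, len(body)]) + body

# Constructed samples. 1.3.6.1.5.5.7.2.3 is picked because its encoded bytes sum to the
# same value as id-kp-clientAuth's (43+6+1+5+5+7+2+3 = 72), so the weak comparison
# treats a server-only certificate as valid for client authentication.
COLLIDING_OID = "1.3.6.1.5.5.7.2.3"
SERVER_CERT_EKU = build_ext_key_usage(ID_KP_SERVER_AUTH, COLLIDING_OID)
CLIENT_CERT_EKU = build_ext_key_usage(ID_KP_CLIENT_AUTH)

def demo() -> dict[str, bool]:
    return {
        "client_cert_strict": permits_client_auth(CLIENT_CERT_EKU),
        "server_cert_strict": permits_client_auth(SERVER_CERT_EKU),
        "server_cert_weak": permits_client_auth(SERVER_CERT_EKU, compare=weak_oid_equal),
        "no_eku_extension": permits_client_auth(None),
    }
```

Run `demo()` to see the point of the Mbed TLS row as well: the policy result for a certificate that lacks the right purpose must reach the application (here as `False`), and a server that offers optional client authentication cannot rely on the handshake aborting for it.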