Fallos del tipo CWE-300
54 resultadosCVE-2009-3555CRITICALThe TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in thEPSS 87.3%CVE-2017-12150HIGHIt was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration EPSS 13.2%CVE-2017-12151HIGHA flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3EPSS 4.6%CVE-2021-22890MEDIUMcurl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TEPSS 3.1%CVE-2020-10749MEDIUMA vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in KuberneteEPSS 2.4%CVE-2017-7480—rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remotEPSS 2.3%CVE-2021-32926MEDIUMWhen an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includeEPSS 2.2%CVE-2017-15086—It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEEPSS 1.7%CVE-2017-15085—It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEEPSS 1.7%CVE-2017-12697—A Man-in-the-Middle issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of thiEPSS 1.4%CVE-2018-0025MEDIUMJunos OS: SRX Series: Credentials exposed when using HTTP and HTTPS Firewall Pass-through User AuthenticationEPSS 1.4%CVE-2019-5456—SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP EPSS 1.3%CVE-2021-22909—A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack duEPSS 1.3%CVE-2018-14636MEDIUMLive-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended EPSS 1.2%CVE-2019-3981—MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication proEPSS 1.1%CVE-2017-12735—A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-MiddlEPSS 1.1%CVE-2019-3793HIGHInvitations Service supports HTTP connectionsEPSS 1.1%CVE-2021-41033—In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middEPSS 1.0%CVE-2016-10536—engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communicatioEPSS 1.0%CVE-2023-31004HIGHIBM Security Access Manager Container gain accessEPSS 1.0%