Total
333 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12399 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-08-05 | N/A |
| When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox < 63. | ||||
| CVE-2018-12403 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-08-05 | N/A |
| If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63. | ||||
| CVE-2018-12331 | 1 Ecos | 1 System Management Appliance | 2024-08-05 | N/A |
| Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during "Easy Enrollment." | ||||
| CVE-2018-8425 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2024-08-05 | N/A |
| A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. | ||||
| CVE-2018-8388 | 1 Microsoft | 1 Edge | 2024-08-05 | N/A |
| A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8383. | ||||
| CVE-2018-8383 | 1 Microsoft | 1 Edge | 2024-08-05 | N/A |
| A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8388. | ||||
| CVE-2018-8278 | 1 Microsoft | 2 Edge, Windows 10 | 2024-08-05 | N/A |
| A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. | ||||
| CVE-2018-8153 | 1 Microsoft | 1 Exchange Server | 2024-08-05 | N/A |
| A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsoft Exchange Server. | ||||
| CVE-2018-7842 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2024-08-05 | 9.8 Critical |
| A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller. | ||||
| CVE-2018-5353 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-08-05 | 9.8 Critical |
| The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required | ||||
| CVE-2018-5354 | 1 Anixis | 1 Password Reset Client | 2024-08-05 | 8.8 High |
| The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, it does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. | ||||
| CVE-2018-3829 | 1 Elastic | 1 Elastic Cloud Enterprise | 2024-08-05 | 5.3 Medium |
| In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data. | ||||
| CVE-2019-25023 | 1 Scytl | 1 Secure Vote | 2024-08-05 | 6.5 Medium |
| An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inject wrong IP addresses into these logs. | ||||
| CVE-2019-20790 | 3 Fedoraproject, Pypolicyd-spf Project, Trusteddomain | 3 Fedora, Pypolicyd-spf, Opendmarc | 2024-08-05 | 9.8 Critical |
| OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field. | ||||
| CVE-2019-20203 | 1 Postieplugin | 1 Postie | 2024-08-05 | 5.3 Medium |
| The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message. | ||||
| CVE-2019-19844 | 2 Canonical, Djangoproject | 2 Ubuntu Linux, Django | 2024-08-05 | 9.8 Critical |
| Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) | ||||
| CVE-2019-18991 | 1 Qualcomm | 6 Atheros Ar9132, Atheros Ar9132 Firmware, Atheros Ar9283 and 3 more | 2024-08-05 | 5.4 Medium |
| A partial authentication bypass vulnerability exists on Atheros AR9132 3.60(AMX.8), AR9283 1.85, and AR9285 1.0.0.12NA devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data. | ||||
| CVE-2019-18990 | 1 Realtek | 8 Rtl8192er, Rtl8192er Firmware, Rtl8196d and 5 more | 2024-08-05 | 5.4 Medium |
| A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data. | ||||
| CVE-2019-18989 | 1 Mediatek | 2 Mt7620n, Mt7620n Firmware | 2024-08-05 | 5.4 Medium |
| A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data. | ||||
| CVE-2019-18659 | 1 Ready | 1 Wireless Emergency Alerts | 2024-08-05 | 5.3 Medium |
| The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12). NOTE: testing inside an RF-isolated shield box suggested that all LTE phones are affected by design (e.g., use of Android versus iOS does not matter); testing in an open RF environment is, of course, contraindicated. | ||||