Total
200 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-8388 | 1 Microsoft | 1 Edge | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8383. | |||||
CVE-2018-1695 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 6.8 MEDIUM | 5.6 MEDIUM |
IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 145769. | |||||
CVE-2018-16483 | 1 Express-cart Project | 1 Express-cart | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators. | |||||
CVE-2018-3829 | 1 Elastic | 1 Elastic Cloud Enterprise | 2023-12-10 | 3.5 LOW | 5.3 MEDIUM |
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data. | |||||
CVE-2018-8383 | 1 Microsoft | 1 Edge | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8388. | |||||
CVE-2018-15588 | 1 Freron | 1 Mailmate | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email. | |||||
CVE-2018-8425 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. | |||||
CVE-2018-8153 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 5.8 MEDIUM | 5.4 MEDIUM |
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsoft Exchange Server. | |||||
CVE-2018-12331 | 1 Ecos | 1 System Management Appliance | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during "Easy Enrollment." | |||||
CVE-2018-8278 | 1 Microsoft | 2 Edge, Windows 10 | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. | |||||
CVE-2017-18190 | 3 Apple, Canonical, Debian | 3 Cups, Ubuntu Linux, Debian Linux | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). | |||||
CVE-2017-12095 | 1 Meetcircle | 1 Circle With Disney Firmware | 2023-12-10 | 3.3 LOW | 6.5 MEDIUM |
An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default credentials. An attacker needs to send a series of spoofed "de-auth" packets to trigger this vulnerability. | |||||
CVE-2018-7160 | 1 Nodejs | 1 Node.js | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access. | |||||
CVE-2017-14375 | 2 Dell, Emc | 4 Emc Unisphere, Solutions Enabler, Vasa and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system. | |||||
CVE-2017-12096 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2023-12-10 | 6.1 MEDIUM | 6.5 MEDIUM |
An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed "deauth" packets to trigger this vulnerability. | |||||
CVE-2017-16897 | 1 Auth0 | 1 Passport-wsfed-saml2 | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML response (e.g., only signs the assertion within the response). | |||||
CVE-2017-14487 | 1 Ohmibod | 1 Ohmibod Remote | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username, user_id, and token fields in data/data/com.ohmibod.remote2/shared_prefs/OMB.xml. | |||||
CVE-2017-11717 | 1 Metinfo Project | 1 Metinfo | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page. | |||||
CVE-2017-8422 | 1 Kde | 2 Kauth, Kdelibs | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. | |||||
CVE-2017-6405 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing. |