ReportizFlow
Filtered by vendor
Subscriptions
Total
424 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-8278 | 1 Microsoft | 2 Edge, Windows 10 | 2024-11-21 | N/A |
| A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. | ||||
| CVE-2018-8153 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A |
| A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsoft Exchange Server. | ||||
| CVE-2018-7842 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2024-11-21 | 9.8 Critical |
| A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller. | ||||
| CVE-2018-7160 | 2 Nodejs, Redhat | 2 Node.js, Rhel Software Collections | 2024-11-21 | 8.8 High |
| The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access. | ||||
| CVE-2018-5354 | 1 Anixis | 1 Password Reset Client | 2024-11-21 | 8.8 High |
| The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, it does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. | ||||
| CVE-2018-5353 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 9.8 Critical |
| The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required | ||||
| CVE-2018-3829 | 1 Elastic | 1 Elastic Cloud Enterprise | 2024-11-21 | 5.3 Medium |
| In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data. | ||||
| CVE-2018-1695 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 145769. | ||||
| CVE-2018-1279 | 1 Pivotal Software | 1 Rabbitmq | 2024-11-21 | N/A |
| Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster. | ||||
| CVE-2018-16483 | 1 Express-cart Project | 1 Express-cart | 2024-11-21 | N/A |
| A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators. | ||||
| CVE-2018-15715 | 1 Zoom | 1 Zoom | 2024-11-21 | N/A |
| Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens. | ||||
| CVE-2018-15588 | 1 Freron | 1 Mailmate | 2024-11-21 | N/A |
| MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email. | ||||
| CVE-2018-15587 | 3 Debian, Gnome, Redhat | 3 Debian Linux, Evolution, Enterprise Linux | 2024-11-21 | N/A |
| GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. | ||||
| CVE-2018-12403 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | N/A |
| If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63. | ||||
| CVE-2018-12399 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | N/A |
| When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox < 63. | ||||
| CVE-2018-12331 | 1 Ecos | 1 System Management Appliance | 2024-11-21 | N/A |
| Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during "Easy Enrollment." | ||||
| CVE-2017-7762 | 2 Mozilla, Redhat | 5 Firefox, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2024-11-21 | N/A |
| When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54. | ||||
| CVE-2017-18190 | 4 Apple, Canonical, Debian and 1 more | 4 Cups, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | N/A |
| A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). | ||||
| CVE-2017-12610 | 1 Apache | 1 Kafka | 2024-11-21 | N/A |
| In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka. | ||||
| CVE-2017-12095 | 1 Meetcircle | 1 Circle With Disney Firmware | 2024-11-21 | N/A |
| An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default credentials. An attacker needs to send a series of spoofed "de-auth" packets to trigger this vulnerability. | ||||