Total
392 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13715 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2019-13709 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page. | |||||
| CVE-2019-13708 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-13704 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2019-13703 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-13701 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-12131 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected. | |||||
| CVE-2019-11189 | 1 Opennetworking | 1 Onos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection. To exploit the vulnerability, an attacker sends a gratuitous ARP reply that causes the host mobility application to remove existing access control flow denial rules in the network. The access control application does not re-install flow deny rules, so the attacker can bypass the intended access control policy. | |||||
| CVE-2019-10875 | 1 Mi | 2 Mi Browser, Mint Browser | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the "q" query parameter. The portion of an https URL before the ?q= substring is not shown to the user. | |||||
| CVE-2019-0608 | 1 Microsoft | 10 Edge, Internet Explorer, Windows 10 and 7 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357. | |||||
| CVE-2019-0388 | 1 Sap | 1 Ui | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation. | |||||
| CVE-2019-0283 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. These requests will be accepted by the PI Axis adapter even if the payload has been altered, especially when the signed element is the body of the xml document. | |||||
| CVE-2018-8425 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. | |||||
| CVE-2018-8388 | 1 Microsoft | 1 Edge | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8383. | |||||
| CVE-2018-8383 | 1 Microsoft | 1 Edge | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8388. | |||||
| CVE-2018-8278 | 1 Microsoft | 2 Edge, Windows 10 | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. | |||||
| CVE-2018-8153 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsoft Exchange Server. | |||||
| CVE-2018-7842 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller. | |||||
| CVE-2018-7160 | 1 Nodejs | 1 Node.js | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access. | |||||
| CVE-2018-5354 | 1 Anixis | 1 Password Reset Client | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, it does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. | |||||