Total
152 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-18259 | 1 Omron | 2 Plc Cj Firmware, Plc Cs Firmware | 2019-12-27 | 7.5 HIGH | 9.8 CRITICAL |
In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary messages or execute commands. | |||||
CVE-2019-0608 | 1 Microsoft | 10 Edge, Internet Explorer, Windows 10 and 7 more | 2019-12-16 | 4.3 MEDIUM | 4.3 MEDIUM |
A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357. | |||||
CVE-2019-0388 | 1 Sap | 1 Ui | 2019-11-20 | 5.0 MEDIUM | 5.3 MEDIUM |
SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation. | |||||
CVE-2013-5661 | 4 Isc, Nic, Nlnetlabs and 1 more | 4 Bind, Knot Resolver, Nsd and 1 more | 2019-11-08 | 2.6 LOW | 5.9 MEDIUM |
Cache Poisoning issue exists in DNS Response Rate Limiting. | |||||
CVE-2019-1357 | 1 Microsoft | 9 Edge, Internet Explorer, Windows 10 and 6 more | 2019-10-11 | 4.3 MEDIUM | 4.3 MEDIUM |
A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608. | |||||
CVE-2017-8422 | 1 Kde | 2 Kauth, Kdelibs | 2019-10-02 | 7.2 HIGH | 7.8 HIGH |
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. | |||||
CVE-2017-6405 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing. | |||||
CVE-2017-18190 | 3 Apple, Canonical, Debian | 3 Cups, Ubuntu Linux, Debian Linux | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). | |||||
CVE-2018-15588 | 1 Freron | 1 Mailmate | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email. | |||||
CVE-2017-14487 | 1 Ohmibod | 1 Ohmibod Remote | 2019-10-02 | 6.4 MEDIUM | 9.1 CRITICAL |
The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username, user_id, and token fields in data/data/com.ohmibod.remote2/shared_prefs/OMB.xml. | |||||
CVE-2017-11717 | 1 Metinfo Project | 1 Metinfo | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page. | |||||
CVE-2017-16897 | 1 Auth0 | 1 Passport-wsfed-saml2 | 2019-10-02 | 9.3 HIGH | 8.1 HIGH |
A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML response (e.g., only signs the assertion within the response). |