CWE:
 

Topic: Microsoft Windows Hello Face Authentication Bypass (Med.)
Date: 20.12.2017
Author: SySS


CVEMAP Search Results

CVE
Details
Description
2019-11-12
Medium
CVE-2019-1234

Vendor: Microsoft
Software: Azure stack
 

 
A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'.

 
2019-11-05
Low
CVE-2013-5661

Vendor: ISC
Software: BIND
 

 
Cache Poisoning issue exists in DNS Response Rate Limiting.

 
2019-10-10
Low
CVE-2019-1357

Vendor: Microsoft
Software: EDGE
 

 
A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608.

 
Low
CVE-2019-0608

Vendor: Microsoft
Software: EDGE
 

 
A spoofing vulnerability exists when Microsoft Browsers do not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357.

 
2019-10-09
Medium
CVE-2019-15022

Vendor: Zingbox
Software: Inspector
 

 
A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier that makes the Inspector susceptible to ARP spoofing.

 
2019-09-17
Medium
CVE-2019-16378

Vendor: Trusteddomain
Software: Opendmarc
 

 
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.

 
2019-02-11
Medium
CVE-2018-15588

Vendor: Freron
Software: Mailmate
 

 
MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email.

 
2018-12-05
Medium
CVE-2018-19754

 

 
Tarantella Enterprise before 3.11 allows bypassing Access Control.

 
2018-09-19
Low
CVE-2018-3829

Vendor: Elastic
Software: Elastic clou...
 

 
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add an allocator to an existing ECE install to gain access to other clusters' data.

 
2018-05-17
Medium
CVE-2018-7160

Vendor: Nodejs
Software: Node.js
 

 
The Node.js inspector in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or on another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser into bypassing same-origin-policy checks and allowing HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger and get full code execution access.

 

 


Copyright 2019, cxsecurity.com

 
