Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
Med.
Microsoft Windows Hello Face Authentication Bypass
20.12.2017
SySS
CVEMAP Search Results
CVE
Details
Description
2019-11-12
Medium
CVE-2019-1234
Vendor:
Microsoft
Software:
Azure stack
A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'.
2019-11-05
Low
CVE-2013-5661
Vendor:
ISC
Software:
BIND
Cache Poisoning issue exists in DNS Response Rate Limiting.
2019-10-10
Low
CVE-2019-1357
Vendor:
Microsoft
Software:
EDGE
A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608.
Low
CVE-2019-0608
Vendor:
Microsoft
Software:
EDGE
A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357.
2019-10-09
Medium
CVE-2019-15022
Vendor:
Zingbox
Software:
Inspector
A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing.
2019-09-17
Medium
CVE-2019-16378
Vendor:
Trusteddomain
Software:
Opendmarc
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.
2019-02-11
Medium
CVE-2018-15588
Vendor:
Freron
Software:
Mailmate
MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email.
2018-12-05
Medium
CVE-2018-19754
Updating...
Tarantella Enterprise before 3.11 allows bypassing Access Control.
2018-09-19
Low
CVE-2018-3829
Vendor:
Elastic
Software:
Elastic clou...
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data.
2018-05-17
Medium
CVE-2018-7160
Vendor:
Nodejs
Software:
Node.js
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.
Copyright
2019
, cxsecurity.com
Back to Top
