Total
283 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-19003 | 1 Liftoffsoftware | 1 Gate One | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue in Gate One 1.2.0 allows attackers to bypass to the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list. | |||||
| CVE-2020-17516 | 1 Apache | 1 Cassandra | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement. | |||||
| CVE-2020-16250 | 1 Hashicorp | 1 Vault | 2024-11-21 | 7.5 HIGH | 8.2 HIGH |
| HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.. | |||||
| CVE-2020-13529 | 3 Fedoraproject, Netapp, Systemd Project | 4 Fedora, Active Iq Unified Manager, Cloud Backup and 1 more | 2024-11-21 | 2.9 LOW | 6.1 MEDIUM |
| An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. | |||||
| CVE-2020-12272 | 2 Fedoraproject, Trusteddomain | 2 Fedora, Opendmarc | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring. | |||||
| CVE-2020-11015 | 1 Thinx-device-api Project | 1 Thinx-device-api | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be reviewed further. Applies to all (mostly ESP8266/ESP32) users. This has been fixed in firmware version 2.5.0. | |||||
| CVE-2020-10807 | 1 Mitre | 1 Caldera | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header. | |||||
| CVE-2020-10136 | 4 Cisco, Digi, Hp and 1 more | 63 Nexus 1000v, Nexus 1000ve, Nexus 3016 and 60 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing. | |||||
| CVE-2020-10135 | 2 Bluetooth, Opensuse | 2 Bluetooth Core, Leap | 2024-11-21 | 4.8 MEDIUM | 5.4 MEDIUM |
| Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. | |||||
| CVE-2019-3884 | 1 Redhat | 1 Openshift | 2024-11-21 | 5.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected. | |||||
| CVE-2019-25023 | 1 Scytl | 1 Secure Vote | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inject wrong IP addresses into these logs. | |||||
| CVE-2019-20790 | 3 Fedoraproject, Pypolicyd-spf Project, Trusteddomain | 3 Fedora, Pypolicyd-spf, Opendmarc | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field. | |||||
| CVE-2019-20203 | 1 Postieplugin | 1 Postie | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message. | |||||
| CVE-2019-1357 | 1 Microsoft | 9 Edge, Internet Explorer, Windows 10 and 6 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608. | |||||
| CVE-2019-1318 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non- Extended Master Secret (EMS) sessions, aka 'Microsoft Windows Transport Layer Security Spoofing Vulnerability'. | |||||
| CVE-2019-1234 | 1 Microsoft | 1 Azure Stack | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'. | |||||
| CVE-2019-18991 | 1 Qualcomm | 6 Atheros Ar9132, Atheros Ar9132 Firmware, Atheros Ar9283 and 3 more | 2024-11-21 | 4.8 MEDIUM | 5.4 MEDIUM |
| A partial authentication bypass vulnerability exists on Atheros AR9132 3.60(AMX.8), AR9283 1.85, and AR9285 1.0.0.12NA devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data. | |||||
| CVE-2019-18990 | 1 Realtek | 8 Rtl8192er, Rtl8192er Firmware, Rtl8196d and 5 more | 2024-11-21 | 4.8 MEDIUM | 5.4 MEDIUM |
| A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data. | |||||
| CVE-2019-18989 | 1 Mediatek | 2 Mt7620n, Mt7620n Firmware | 2024-11-21 | 4.8 MEDIUM | 5.4 MEDIUM |
| A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data. | |||||
| CVE-2019-18659 | 1 Ready | 1 Wireless Emergency Alerts | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12). NOTE: testing inside an RF-isolated shield box suggested that all LTE phones are affected by design (e.g., use of Android versus iOS does not matter); testing in an open RF environment is, of course, contraindicated. | |||||