Vulnerabilities (CVE)

Filtered by CWE-290
Total 280 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-18990 1 Realtek 8 Rtl8192er, Rtl8192er Firmware, Rtl8196d and 5 more 2024-11-21 4.8 MEDIUM 5.4 MEDIUM
A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data.
CVE-2019-18989 1 Mediatek 2 Mt7620n, Mt7620n Firmware 2024-11-21 4.8 MEDIUM 5.4 MEDIUM
A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data.
CVE-2019-18659 1 Ready 1 Wireless Emergency Alerts 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12). NOTE: testing inside an RF-isolated shield box suggested that all LTE phones are affected by design (e.g., use of Android versus iOS does not matter); testing in an open RF environment is, of course, contraindicated.
CVE-2019-18259 1 Omron 2 Plc Cj Firmware, Plc Cs Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary messages or execute commands.
CVE-2019-16871 1 Beckhoff 1 Twincat 2024-11-21 9.3 HIGH 9.8 CRITICAL
Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.
CVE-2019-16378 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.
CVE-2019-15022 1 Zingbox 1 Inspector 2024-11-21 5.0 MEDIUM 7.5 HIGH
A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing.
CVE-2019-13715 2 Google, Opensuse 2 Chrome, Backports Sle 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2019-13709 2 Google, Opensuse 2 Chrome, Backports Sle 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
CVE-2019-13708 2 Google, Opensuse 2 Chrome, Backports Sle 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2019-13704 2 Google, Opensuse 2 Chrome, Backports Sle 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2019-13703 2 Google, Opensuse 2 Chrome, Backports Sle 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2019-13701 2 Google, Opensuse 2 Chrome, Backports Sle 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2019-12131 1 Onap 1 Open Network Automation Platform 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected.
CVE-2019-11189 1 Opennetworking 1 Onos 2024-11-21 5.0 MEDIUM 7.5 HIGH
Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection. To exploit the vulnerability, an attacker sends a gratuitous ARP reply that causes the host mobility application to remove existing access control flow denial rules in the network. The access control application does not re-install flow deny rules, so the attacker can bypass the intended access control policy.
CVE-2019-10875 1 Mi 2 Mi Browser, Mint Browser 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the "q" query parameter. The portion of an https URL before the ?q= substring is not shown to the user.
CVE-2019-0608 1 Microsoft 10 Edge, Internet Explorer, Windows 10 and 7 more 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357.
CVE-2019-0388 1 Sap 1 Ui 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation.
CVE-2019-0283 1 Sap 1 Netweaver Process Integration 2024-11-21 5.5 MEDIUM 7.1 HIGH
SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. These requests will be accepted by the PI Axis adapter even if the payload has been altered, especially when the signed element is the body of the xml document.
CVE-2018-8425 1 Microsoft 3 Edge, Windows 10, Windows Server 2016 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.