Search
Total
65 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6810 | 1 Mozilla | 1 Firefox | 2020-03-31 | 4.3 MEDIUM | 4.3 MEDIUM |
| After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks. This vulnerability affects Firefox < 74. | |||||
| CVE-2020-6808 | 1 Mozilla | 1 Firefox | 2020-03-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to spoofing attacks; it is now correctly the URL of the originating document. This vulnerability affects Firefox < 74. | |||||
| CVE-2019-13715 | 1 Google | 1 Chrome | 2020-01-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2019-13709 | 1 Google | 1 Chrome | 2020-01-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page. | |||||
| CVE-2019-13708 | 1 Google | 1 Chrome | 2020-01-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-13704 | 1 Google | 1 Chrome | 2020-01-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2019-13703 | 1 Google | 1 Chrome | 2020-01-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-13701 | 1 Google | 1 Chrome | 2020-01-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-0608 | 1 Microsoft | 10 Edge, Internet Explorer, Windows 10 and 7 more | 2019-12-16 | 4.3 MEDIUM | 4.3 MEDIUM |
| A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357. | |||||
| CVE-2019-0388 | 1 Sap | 1 Ui | 2019-11-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation. | |||||
| CVE-2013-5661 | 4 Isc, Nic, Nlnetlabs and 1 more | 4 Bind, Knot Resolver, Nsd and 1 more | 2019-11-08 | 2.6 LOW | 5.9 MEDIUM |
| Cache Poisoning issue exists in DNS Response Rate Limiting. | |||||
| CVE-2019-1357 | 1 Microsoft | 9 Edge, Internet Explorer, Windows 10 and 6 more | 2019-10-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608. | |||||
| CVE-2018-3829 | 1 Elastic | 1 Elastic Cloud Enterprise | 2019-10-09 | 3.5 LOW | 5.3 MEDIUM |
| In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data. | |||||
| CVE-2017-12096 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2019-10-03 | 6.1 MEDIUM | 6.5 MEDIUM |
| An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed "deauth" packets to trigger this vulnerability. | |||||
| CVE-2017-12095 | 1 Meetcircle | 1 Circle With Disney Firmware | 2019-10-03 | 3.3 LOW | 6.5 MEDIUM |
| An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default credentials. An attacker needs to send a series of spoofed "de-auth" packets to trigger this vulnerability. | |||||