Total: 265 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-43220 | 1 Microsoft | 1 Edge Ios | 2023-12-28 | 5.0 MEDIUM | 3.1 LOW | Microsoft Edge for iOS Spoofing Vulnerability |
| CVE-2021-42308 | 1 Microsoft | 1 Edge Chromium | 2023-12-28 | 5.0 MEDIUM | 3.1 LOW | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2021-42320 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2023-12-28 | 3.5 LOW | 5.7 MEDIUM | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2022-35770 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 6.5 MEDIUM | Windows NTLM Spoofing Vulnerability |
| CVE-2022-34689 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-12-20 | N/A | 7.5 HIGH | Windows CryptoAPI Spoofing Vulnerability |
| CVE-2023-6263 | 1 Networkoptix | 1 Nxcloud | 2023-12-18 | N/A | 8.1 HIGH | An issue was discovered by the IPVM team in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As a result, it was possible to retrieve authorization headers from legitimate users when the legitimate client connected to the fake VMS server. |
| CVE-2023-50463 | 1 Caddyserver | 1 Caddy | 2023-12-13 | N/A | 6.5 MEDIUM | The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions). |
| CVE-2022-26505 | 2 Debian, Readymedia Project | 2 Debian Linux, Readymedia | 2023-11-25 | 4.3 MEDIUM | 7.4 HIGH | A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. |
| CVE-2022-2310 | 1 Skyhighsecurity | 1 Secure Web Gateway | 2023-11-15 | N/A | 9.8 CRITICAL | An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote attacker to bypass authentication into the administration User Interface. This is possible because SWG incorrectly whitelists authentication bypass methods and uses a weak crypto password. This can lead to the attacker logging into the SWG admin interface, without valid credentials, as the super user with complete control over the SWG. |
| CVE-2023-5801 | 1 Huawei | 2 Emui, Harmonyos | 2023-11-15 | N/A | 9.1 CRITICAL | Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| CVE-2021-45036 | 1 Velneo | 1 Vclient | 2023-11-09 | N/A | 7.4 HIGH | Velneo vClient on its 28.1.3 version could allow an attacker with knowledge of the victim's username and hashed password to spoof the victim's id against the server. |
| CVE-2023-34329 | 1 Ami | 1 Megarac Sp-x | 2023-11-07 | N/A | 8.0 HIGH | AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability. |
| CVE-2023-30950 | 1 Palantir | 1 Foundry Campaigns | 2023-11-07 | N/A | 5.9 MEDIUM | The Foundry Campaigns service was found to be vulnerable to an unauthenticated information disclosure in a REST endpoint. |
| CVE-2023-0816 | 1 Strategy11 | 1 Formidable Form Builder | 2023-11-07 | N/A | 6.5 MEDIUM | The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP address spoofing and bypass of anti-spam protections. |
| CVE-2022-4746 | 1 Wpmanageninja | 1 Fluentauth | 2023-11-07 | N/A | 7.5 HIGH | The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin. |
| CVE-2022-4550 | 1 User Activity Project | 1 User Activity | 2023-11-07 | N/A | 7.5 HIGH | The User Activity WordPress plugin through 1.0.1 checks headers such as X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing. |
| CVE-2022-4303 | 1 Ciphercoin | 1 Wp Limit Login Attempts | 2023-11-07 | N/A | 7.5 HIGH | The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms. |
| CVE-2022-47648 | 1 Bosch | 2 B420, B420 Firmware | 2023-11-07 | N/A | 8.8 HIGH | An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication, due to the IP-based authorization. If an authorized user has accessed a publicly available B420 product using valid credentials, an insider attacker can gain access to the same panel without requiring any sort of authorization. The B420 module was already obsolete at the time this vulnerability was found (the End of Life announcement was made in 2013). |
| CVE-2022-3337 | 1 Cloudflare | 1 Warp Mobile Client | 2023-11-07 | N/A | 8.5 HIGH | It was possible for a user to delete a VPN profile from the WARP mobile client on the iOS platform despite the Lock WARP switch (https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch) feature being enabled on the Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform. |
| CVE-2022-35957 | 2 Fedoraproject, Grafana | 2 Fedora, Grafana | 2023-11-07 | N/A | 6.6 MEDIUM | Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the Grafana instance. All installations should be upgraded as soon as possible. As a workaround, deactivate auth proxy following the instructions at: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/ |