Total: 269 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40823 | 1 Matrix | 1 Javascript Sdk | 2023-08-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the homeserver to decrypt end-to-end encrypted messages sent by affected clients. | |||||
| CVE-2021-40288 | 1 Tp-link | 2 Archer Ax10, Archer Ax10 Firmware | 2023-08-08 | 7.8 HIGH | 7.5 HIGH |
| A denial-of-service attack in the WPA2 and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014 allows a remote unauthenticated attacker to disconnect an already connected wireless client by sending specific spoofed authentication frames with a wireless adapter. | |||||
| CVE-2021-40824 | 1 Matrix | 2 Element, Matrix-android-sdk2 | 2023-08-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the attacker to decrypt end-to-end encrypted messages sent by affected clients. | |||||
| CVE-2022-21142 | 1 Appleple | 1 A-blog Cms | 2023-08-08 | 6.8 MEDIUM | 9.8 CRITICAL |
| Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under the specific condition. | |||||
| CVE-2021-34548 | 1 Torproject | 1 Tor | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream. | |||||
| CVE-2023-2887 | 1 Cbot | 2 Cbot Core, Cbot Panel | 2023-08-02 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | |||||
| CVE-2022-35629 | 1 Rapid7 | 1 Velociraptor | 2023-07-21 | N/A | 5.4 MEDIUM |
| Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2. | |||||
| CVE-2022-48513 | 1 Huawei | 2 Emui, Harmonyos | 2023-07-13 | N/A | 9.8 CRITICAL |
| Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access. | |||||
| CVE-2021-25827 | 1 Emby | 1 Emby | 2023-07-10 | N/A | 9.8 CRITICAL |
| Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address. | |||||
| CVE-2022-2368 | 1 Microweber | 1 Microweber | 2023-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20. | |||||
| CVE-2023-22814 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2023-07-10 | N/A | 9.8 CRITICAL |
| An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202. | |||||
| CVE-2023-27964 | 1 Apple | 1 Airpods Firmware | 2023-07-01 | N/A | 5.4 MEDIUM |
| An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones. | |||||
| CVE-2022-48469 | 1 Huawei | 2 B535-232a, B535-232a Firmware | 2023-06-26 | N/A | 6.5 MEDIUM |
| There is a traffic hijacking vulnerability in Huawei routers. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers. | |||||
| CVE-2023-2807 | 1 Pandorafms | 1 Pandora Fms | 2023-06-23 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without proper authentication. This issue affects PandoraFMS v771 and prior versions on all platforms. | |||||
| CVE-2022-36331 | 1 Westerndigital | 24 My Cloud, My Cloud Dl2100, My Cloud Dl2100 Firmware and 21 more | 2023-06-21 | N/A | 7.5 HIGH |
| Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102. | |||||
| CVE-2023-25743 | 1 Mozilla | 1 Firefox Focus | 2023-06-09 | N/A | 7.5 HIGH |
| A lack of in-app notification for entering fullscreen mode could have led to a malicious website spoofing browser chrome. *This bug only affects Firefox Focus. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. | |||||
| CVE-2022-32747 | 1 Schneider-electric | 1 Ecostruxure Cybersecurity Admin Expert | 2023-04-03 | N/A | 8.1 HIGH |
| A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2) | |||||
| CVE-2022-4098 | 1 Wut | 32 Com-server 20ma, Com-server 20ma Firmware, Com-server \+\+ and 29 more | 2023-03-31 | N/A | 8.0 HIGH |
| Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by crafting modified HTTP GET requests. This may result in a complete takeover of the device. | |||||
| CVE-2018-3829 | 1 Elastic | 1 Elastic Cloud Enterprise | 2023-03-04 | 3.5 LOW | 5.3 MEDIUM |
| In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add an allocator to an existing ECE install to gain access to other clusters' data. | |||||
| CVE-2019-3884 | 1 Redhat | 1 Openshift | 2023-03-03 | 5.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able to spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected. | |||||
