| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account. In such environments, this can result in a complete compromise of the resources owned and/or accessible by a SAML enabled user-account.
Affected users are recommended to disable the SAML authentication plugin by setting the "saml2.enabled" global setting to "false", or upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue. |
| Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS < 130. |
| The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing |
| Microsoft SharePoint Server Spoofing Vulnerability |
| Microsoft SharePoint Server Spoofing Vulnerability |
| Microsoft SharePoint Server Spoofing Vulnerability |
| Microsoft Edge for Android Spoofing Vulnerability |
| Microsoft Edge for iOS Spoofing Vulnerability |
| Microsoft OneNote Spoofing Vulnerability |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| Microsoft Exchange Server Spoofing Vulnerability |
| Microsoft Exchange Server Remote Code Execution Vulnerability |
| The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability. |
| The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections. |
| Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x version prior to 4.1.13, and 4.2.x versions prior to 4.2.5. |