Contournements (Bypass something)

Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections. (CVSS:0.0) (Last Update:2018-05-23)

On Intel-based platforms, systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. (CVSS:0.0) (Last Update:2018-05-22)

A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1035. (CVSS:0.0) (Last Update:2018-05-21)

Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper certificate validation vulnerability. Successful exploitation could lead to a security bypass. (CVSS:0.0) (Last Update:2018-05-19)

VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation. (CVSS:0.0) (Last Update:2018-05-22)

IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to access and manipulate documents on StoredIQ managed data sources. IBM X-Force ID: 143331. (CVSS:0.0) (Last Update:2018-05-22)

Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could lead to sensitive information disclosure. (CVSS:0.0) (Last Update:2018-05-19)

The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access. (CVSS:0.0) (Last Update:2018-05-17)