Vulnerabilities > Authentication Bypass by Spoofing

DATE CVE VULNERABILITY TITLE RISK
2021-02-27 CVE-2019-25023 Authentication Bypass by Spoofing vulnerability in Scytl Secure Vote 2.1
An issue was discovered in Scytl sVote 2.1.
network
low complexity
scytl CWE-290
6.5
2021-02-09 CVE-2021-21134 Authentication Bypass by Spoofing vulnerability in multiple products
Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.
network
low complexity
google microsoft CWE-290
6.5
2021-02-03 CVE-2020-17516 Authentication Bypass by Spoofing vulnerability in Apache Cassandra
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections.
network
low complexity
apache CWE-290
7.5
2021-01-19 CVE-2020-27276 Authentication Bypass by Spoofing vulnerability in Sooil products
SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the authentication sequence via Bluetooth Low Energy.
low complexity
sooil CWE-290
5.7
2020-12-17 CVE-2020-26276 Authentication Bypass by Spoofing vulnerability in Fleetdm Fleet
Fleet is an open source osquery manager.
network
low complexity
fleetdm CWE-290
critical
9.8
2020-12-14 CVE-2020-28856 Authentication Bypass by Spoofing vulnerability in Openasset Digital Asset Management
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access controls.
network
low complexity
openasset CWE-290
7.5
2020-12-08 CVE-2020-26254 Authentication Bypass by Spoofing vulnerability in Omniauth-Apple Project Omniauth-Apple
omniauth-apple is the OmniAuth strategy for "Sign In with Apple" (RubyGem omniauth-apple).
network
low complexity
omniauth-apple-project CWE-290
7.7
2020-10-29 CVE-2020-4864 Authentication Bypass by Spoofing vulnerability in IBM Resilient Security Orchestration Automation and Response 38.0
IBM Resilient SOAR V38.0 could allow an attacker on the internal net work to provide the server with a spoofed source IP address.
low complexity
ibm CWE-290
4.3
2020-10-19 CVE-2020-24375 Authentication Bypass by Spoofing vulnerability in Free Freebox Server and Freebox V5 Firmware
A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.
network
low complexity
free CWE-290
6.5
2020-10-15 CVE-2020-7327 Authentication Bypass by Spoofing vulnerability in Mcafee Mvision Endpoint Detection and Response 3.0.0/3.1.0
Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closed
local
low complexity
mcafee CWE-290
6.7