Vulnerabilities > Authentication Bypass by Spoofing
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-19 | CVE-2020-24375 | Authentication Bypass by Spoofing vulnerability in Free Freebox Server and Freebox V5 Firmware A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. | 6.5 |
| 2020-10-15 | CVE-2020-7327 | Authentication Bypass by Spoofing vulnerability in Mcafee Mvision Endpoint Detection and Response 3.0.0/3.1.0 Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closed | 6.7 |
| 2020-10-15 | CVE-2020-7326 | Authentication Bypass by Spoofing vulnerability in Mcafee Active Response Improperly implemented security check in McAfee Active Response (MAR) prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MAR failing open rather than closed | 6.7 |
| 2020-09-30 | CVE-2019-18989 | Authentication Bypass by Spoofing vulnerability in Mediatek Mt7620N Firmware 1.06 A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. | 5.4 |
| 2020-09-30 | CVE-2019-18990 | Authentication Bypass by Spoofing vulnerability in Realtek products A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. | 5.4 |
| 2020-09-30 | CVE-2019-18991 | Authentication Bypass by Spoofing vulnerability in Qualcomm products A partial authentication bypass vulnerability exists on Atheros AR9132 3.60(AMX.8), AR9283 1.85, and AR9285 1.0.0.12NA devices. | 5.4 |
| 2020-09-30 | CVE-2018-5354 | Authentication Bypass by Spoofing vulnerability in Anixis Password Reset Client The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. | 8.8 |
| 2020-09-30 | CVE-2018-5353 | Authentication Bypass by Spoofing vulnerability in Zohocorp Manageengine Adselfservice Plus The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. | 9.8 |
| 2020-08-26 | CVE-2020-16250 | Authentication Bypass by Spoofing vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. | 8.2 |
| 2020-08-12 | CVE-2020-5415 | Authentication Bypass by Spoofing vulnerability in Pivotal Software Concourse Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. | 10.0 |