Vulnerabilities > Authentication Bypass by Spoofing

DATE CVE VULNERABILITY TITLE RISK
2020-10-15 CVE-2020-7326 Authentication Bypass by Spoofing vulnerability in Mcafee Active Response
Improperly implemented security check in McAfee Active Response (MAR) prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MAR failing open rather than closed
local
low complexity
mcafee CWE-290
6.7
2020-09-30 CVE-2019-18989 Authentication Bypass by Spoofing vulnerability in Mediatek Mt7620N Firmware 1.06
A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices.
low complexity
mediatek CWE-290
5.4
2020-09-30 CVE-2019-18990 Authentication Bypass by Spoofing vulnerability in Realtek products
A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices.
low complexity
realtek CWE-290
5.4
2020-09-30 CVE-2019-18991 Authentication Bypass by Spoofing vulnerability in Qualcomm products
A partial authentication bypass vulnerability exists on Atheros AR9132 3.60(AMX.8), AR9283 1.85, and AR9285 1.0.0.12NA devices.
low complexity
qualcomm CWE-290
5.4
2020-09-30 CVE-2018-5354 Authentication Bypass by Spoofing vulnerability in Anixis Password Reset Client
The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing.
low complexity
anixis CWE-290
8.8
2020-09-30 CVE-2018-5353 Authentication Bypass by Spoofing vulnerability in Zohocorp Manageengine Adselfservice Plus
The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing.
network
low complexity
zohocorp CWE-290
critical
9.8
2020-08-26 CVE-2020-16250 Authentication Bypass by Spoofing vulnerability in Hashicorp Vault
HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass.
network
low complexity
hashicorp CWE-290
8.2
2020-08-12 CVE-2020-5415 Authentication Bypass by Spoofing vulnerability in Pivotal Software Concourse
Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team.
network
low complexity
pivotal-software CWE-290
critical
10.0
2020-06-10 CVE-2020-2033 Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Globalprotect
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks.
high complexity
paloaltonetworks CWE-290
5.3
2020-06-09 CVE-2020-1331 Authentication Bypass by Spoofing vulnerability in Microsoft System Center Operations Manager
A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations Manager Spoofing Vulnerability'.
network
low complexity
microsoft CWE-290
5.4