Vulnerabilities > Authentication Bypass by Spoofing

DATE CVE VULNERABILITY TITLE RISK
2021-02-09 CVE-2021-21134 Authentication Bypass by Spoofing vulnerability in multiple products
Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.
4.3
2021-02-03 CVE-2020-17516 Authentication Bypass by Spoofing vulnerability in Apache Cassandra
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using the 'dc' or 'rack' internode_encryption setting, allow both encrypted and unencrypted internode connections.
network
low complexity
apache CWE-290
7.5
2021-01-19 CVE-2020-27276 Authentication Bypass by Spoofing vulnerability in Sooil products
In SOOIL Developments Co Ltd DiabecareRS, AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop on the authentication sequence via Bluetooth Low Energy.
2.9
2021-01-12 CVE-2021-1677 Authentication Bypass by Spoofing vulnerability in Microsoft Azure Kubernetes Service
Azure Active Directory Pod Identity Spoofing Vulnerability
local
low complexity
microsoft CWE-290
5.5
2020-12-17 CVE-2020-26276 Authentication Bypass by Spoofing vulnerability in Fleetdm Fleet 3.3.0/3.4.0/3.5.0
Fleet is an open source osquery manager.
network
fleetdm CWE-290
6.8
2020-12-14 CVE-2020-28856 Authentication Bypass by Spoofing vulnerability in Openasset Digital Asset Management
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it by supplying a localhost address such as 127.0.0.1 in the X-Forwarded-For header, effectively bypassing all IP-address-based access controls.
network
low complexity
openasset CWE-290
5.0
2020-12-08 CVE-2020-26254 Authentication Bypass by Spoofing vulnerability in Omniauth-Apple Project Omniauth-Apple
omniauth-apple is the OmniAuth strategy for "Sign In with Apple" (RubyGem omniauth-apple).
network
low complexity
omniauth-apple-project CWE-290
5.0
2020-10-29 CVE-2020-4864 Authentication Bypass by Spoofing vulnerability in IBM Resilient Security Orchestration Automation and Response 38.0
IBM Resilient SOAR V38.0 could allow an attacker on the internal network to provide the server with a spoofed source IP address.
low complexity
ibm CWE-290
3.3
2020-10-19 CVE-2020-24375 Authentication Bypass by Spoofing vulnerability in Free Freebox Server and Freebox V5 Firmware
A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.
network
free CWE-290
4.3
2020-10-15 CVE-2020-7327 Authentication Bypass by Spoofing vulnerability in Mcafee Mvision Endpoint Detection and Response 3.0.0/3.1.0
Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code by stopping a core Windows service, leaving the McAfee core trust component in an inconsistent state and resulting in MVEDR failing open rather than closed.
local
low complexity
mcafee CWE-290
6.7