Vulnerabilities > Authentication Bypass by Spoofing

DATE CVE VULNERABILITY TITLE RISK
2020-06-09 CVE-2020-1329 Authentication Bypass by Spoofing vulnerability in Microsoft Bing
A spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content, aka 'Microsoft Bing Search Spoofing Vulnerability'.
network
low complexity
microsoft CWE-290
6.5
2020-06-02 CVE-2020-10136 Authentication Bypass by Spoofing vulnerability in multiple products
IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.
network
low complexity
cisco digi hp treck CWE-290
5.3
2020-05-19 CVE-2020-10135 Authentication Bypass by Spoofing vulnerability in multiple products
Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access.
low complexity
bluetooth opensuse CWE-290
5.4
2020-05-13 CVE-2020-2002 Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Pan-Os
An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users.
network
high complexity
paloaltonetworks CWE-290
8.1
2020-05-06 CVE-2020-4421 Authentication Bypass by Spoofing vulnerability in IBM Websphere Application Server
IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify.
network
low complexity
ibm CWE-290
5.4
2020-04-27 CVE-2020-12272 Authentication Bypass by Spoofing vulnerability in multiple products
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message.
network
low complexity
trusteddomain fedoraproject CWE-290
5.3
2020-04-27 CVE-2019-20790 Authentication Bypass by Spoofing vulnerability in multiple products
OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field.
network
low complexity
trusteddomain pypolicyd-spf-project fedoraproject CWE-290
critical
9.8
2020-04-08 CVE-2020-4290 Authentication Bypass by Spoofing vulnerability in IBM Security Information Queue
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow any authenticated user to spoof the configuration owner of any other user which disclose sensitive information or allow for unauthorized access.
network
low complexity
ibm CWE-290
5.4
2020-03-25 CVE-2020-6810 Authentication Bypass by Spoofing vulnerability in Mozilla Firefox
After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode.
network
low complexity
mozilla CWE-290
4.3
2020-03-25 CVE-2020-6808 Authentication Bypass by Spoofing vulnerability in Mozilla Firefox
When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented.
network
low complexity
mozilla CWE-290
6.5