Vulnerabilities > Authentication Bypass by Spoofing
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-15 | CVE-2020-7326 | Authentication Bypass by Spoofing vulnerability in Mcafee Active Response Improperly implemented security check in McAfee Active Response (MAR) prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MAR failing open rather than closed | 6.7 |
| 2020-09-30 | CVE-2018-5354 | Authentication Bypass by Spoofing vulnerability in Anixis Password Reset Client The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. | 5.8 |
| 2020-09-30 | CVE-2018-5353 | Authentication Bypass by Spoofing vulnerability in Zohocorp Manageengine Adselfservice Plus The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. | 7.5 |
| 2020-08-26 | CVE-2020-16250 | Authentication Bypass by Spoofing vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. | 8.2 |
| 2020-08-12 | CVE-2020-5415 | Authentication Bypass by Spoofing vulnerability in Pivotal Software Concourse Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. | 6.4 |
| 2020-06-10 | CVE-2020-2033 | Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Globalprotect When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. | 2.9 |
| 2020-06-09 | CVE-2020-1331 | Authentication Bypass by Spoofing vulnerability in Microsoft System Center Operations Manager A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations Manager Spoofing Vulnerability'. | 3.5 |
| 2020-06-09 | CVE-2020-1329 | Authentication Bypass by Spoofing vulnerability in Microsoft Bing A spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content, aka 'Microsoft Bing Search Spoofing Vulnerability'. | 4.3 |
| 2020-06-02 | CVE-2020-10136 | Authentication Bypass by Spoofing vulnerability in multiple products Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access control bypass, and other unexpected network behaviors. | 5.0 |
| 2020-05-19 | CVE-2020-10135 | Authentication Bypass by Spoofing vulnerability in multiple products Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. | 4.8 |