Vulnerabilities > Authentication Bypass by Spoofing

DATE CVE VULNERABILITY TITLE RISK
2020-03-22 CVE-2020-10807 Authentication Bypass by Spoofing vulnerability in Mitre Caldera
auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header.
network
low complexity
mitre CWE-290
5.3
2020-03-18 CVE-2019-12131 Authentication Bypass by Spoofing vulnerability in Onap Open Network Automation Platform
An issue was detected in ONAP APPC through Dublin and SDC through Dublin.
network
low complexity
onap CWE-290
critical
9.1
2020-02-20 CVE-2019-11189 Authentication Bypass by Spoofing vulnerability in Opennetworking Onos
Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection.
network
low complexity
opennetworking CWE-290
7.5
2020-01-02 CVE-2019-20203 Authentication Bypass by Spoofing vulnerability in Postieplugin Postie
The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message.
network
low complexity
postieplugin CWE-290
5.3
2019-12-19 CVE-2019-16871 Authentication Bypass by Spoofing vulnerability in Beckhoff Twincat 2.0/3.0/3.1
Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.
network
low complexity
beckhoff CWE-290
critical
9.8
2019-12-16 CVE-2019-18259 Authentication Bypass by Spoofing vulnerability in Omron PLC CJ Firmware and PLC CS Firmware
In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary messages or execute commands.
network
low complexity
omron CWE-290
critical
9.8
2019-11-25 CVE-2019-13715 Authentication Bypass by Spoofing vulnerability in multiple products
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
network
low complexity
google opensuse CWE-290
4.3
2019-11-25 CVE-2019-13709 Authentication Bypass by Spoofing vulnerability in multiple products
Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
network
low complexity
google opensuse CWE-290
6.5
2019-11-25 CVE-2019-13708 Authentication Bypass by Spoofing vulnerability in multiple products
Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
low complexity
google opensuse CWE-290
4.3
2019-11-25 CVE-2019-13704 Authentication Bypass by Spoofing vulnerability in multiple products
Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page.
network
low complexity
google opensuse CWE-290
4.3