Vulnerabilities > Authentication Bypass by Spoofing

DATE CVE VULNERABILITY TITLE RISK
2019-09-17 CVE-2019-16378 Authentication Bypass by Spoofing vulnerability in multiple products
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.
network
low complexity
trusteddomain debian fedoraproject canonical CWE-290
critical
9.8
2019-05-22 CVE-2018-7842 Authentication Bypass by Spoofing vulnerability in Schneider-Electric products
A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller.
network
low complexity
schneider-electric CWE-290
critical
9.8
2019-04-10 CVE-2019-0283 Authentication Bypass by Spoofing vulnerability in SAP Netweaver Process Integration
SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing.
network
low complexity
sap CWE-290
7.1
2019-04-05 CVE-2019-10875 Authentication Bypass by Spoofing vulnerability in MI Browser and Mint Browser
A URL spoofing vulnerability was found in all international versions of Xiaomi Mi browser 10.5.6-g (aka the MIUI native browser) and Mint Browser 1.5.3 due to the way they handle the "q" query parameter.
network
low complexity
mi CWE-290
6.5
2019-02-11 CVE-2018-15588 Authentication Bypass by Spoofing vulnerability in Freron Mailmate
MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email.
network
low complexity
freron CWE-290
7.5
2019-02-01 CVE-2018-16483 Authentication Bypass by Spoofing vulnerability in Express-Cart Project Express-Cart
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
network
low complexity
express-cart-project CWE-290
8.8
2018-09-19 CVE-2018-3829 Authentication Bypass by Spoofing vulnerability in Elastic Cloud Enterprise
In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token.
network
high complexity
elastic CWE-290
5.3
2018-09-13 CVE-2018-8425 Authentication Bypass by Spoofing vulnerability in Microsoft Edge
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.
network
low complexity
microsoft CWE-290
4.3
2018-09-06 CVE-2018-1695 Authentication Bypass by Spoofing vulnerability in IBM Websphere Application Server 7.0.0.0/8.0.0.0/8.5.5.0
IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks.
network
high complexity
ibm CWE-290
5.6
2018-08-15 CVE-2018-8388 Authentication Bypass by Spoofing vulnerability in Microsoft Edge
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.
network
low complexity
microsoft CWE-290
4.3