Vulnerabilities > Authentication Bypass by Spoofing
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-22 | CVE-2020-10807 | Authentication Bypass by Spoofing vulnerability in Mitre Caldera auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header. | 5.3 |
| 2020-03-18 | CVE-2019-12131 | Authentication Bypass by Spoofing vulnerability in Onap Open Network Automation Platform 3.0.0/3.0.1/3.0.2 An issue was detected in ONAP APPC through Dublin and SDC through Dublin. | 9.1 |
| 2020-02-20 | CVE-2019-11189 | Authentication Bypass by Spoofing vulnerability in Opennetworking Onos Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection. | 7.5 |
| 2020-01-02 | CVE-2019-20203 | Authentication Bypass by Spoofing vulnerability in Postieplugin Postie The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message. | 5.3 |
| 2019-12-19 | CVE-2019-16871 | Authentication Bypass by Spoofing vulnerability in Beckhoff Twincat 2.0/3.0/3.1 Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol. | 9.8 |
| 2019-12-16 | CVE-2019-18259 | Authentication Bypass by Spoofing vulnerability in Omron PLC CJ Firmware and PLC CS Firmware In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary messages or execute commands. | 9.8 |
| 2019-11-25 | CVE-2019-13715 | Authentication Bypass by Spoofing vulnerability in multiple products Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 4.3 |
| 2019-11-25 | CVE-2019-13709 | Authentication Bypass by Spoofing vulnerability in multiple products Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page. | 6.5 |
| 2019-11-25 | CVE-2019-13708 | Authentication Bypass by Spoofing vulnerability in multiple products Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 |
| 2019-11-25 | CVE-2019-13704 | Authentication Bypass by Spoofing vulnerability in multiple products Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 4.3 |