Vulnerabilities > Authentication Bypass by Spoofing

DATE CVE VULNERABILITY TITLE RISK
2018-08-15 CVE-2018-8383 Authentication Bypass by Spoofing vulnerability in Microsoft Edge
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.
network
low complexity
microsoft CWE-290
4.3
2018-07-11 CVE-2018-8278 Authentication Bypass by Spoofing vulnerability in Microsoft Edge
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.
network
low complexity
microsoft CWE-290
6.1
2018-06-17 CVE-2018-12331 Authentication Bypass by Spoofing vulnerability in Ecos System Management Appliance 5.2.68
Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during "Easy Enrollment."
network
high complexity
ecos CWE-290
7.4
2018-05-17 CVE-2018-7160 Authentication Bypass by Spoofing vulnerability in Nodejs Node.Js
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution.
network
low complexity
nodejs CWE-290
8.8
2018-05-09 CVE-2018-8153 Authentication Bypass by Spoofing vulnerability in Microsoft Exchange Server 2016
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsoft Exchange Server.
network
low complexity
microsoft CWE-290
5.4
2018-04-05 CVE-2017-12095 Authentication Bypass by Spoofing vulnerability in Meetcircle Circle With Disney Firmware 2.0.1
An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1.
low complexity
meetcircle CWE-290
6.5
2018-02-16 CVE-2017-18190 Authentication Bypass by Spoofing vulnerability in multiple products
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding.
network
low complexity
apple debian canonical CWE-290
7.5
2017-12-27 CVE-2017-16897 Authentication Bypass by Spoofing vulnerability in Auth0 Passport-Wsfed-Saml2
A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5.
network
high complexity
auth0 CWE-290
8.1
2017-12-01 CVE-2017-14487 Authentication Bypass by Spoofing vulnerability in Ohmibod Remote
The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username, user_id, and token fields in data/data/com.ohmibod.remote2/shared_prefs/OMB.xml.
network
low complexity
ohmibod CWE-290
critical
9.1
2017-11-07 CVE-2017-12096 Authentication Bypass by Spoofing vulnerability in Meetcircle Circle With Disney Firmware 2.0.1
An exploitable vulnerability exists in the WiFi management of Circle with Disney.
low complexity
meetcircle CWE-290
6.5