Vulnerabilities > Authentication Bypass by Spoofing

DATE CVE VULNERABILITY TITLE RISK
2024-02-21 CVE-2023-42843 Authentication Bypass by Spoofing vulnerability in multiple products
An inconsistent user interface issue was addressed with improved state management.
network
low complexity
apple fedoraproject wpewebkit webkitgtk CWE-290
4.3
2024-02-08 CVE-2023-7169 Authentication Bypass by Spoofing vulnerability in Snowsoftware Snow Inventory Agent
Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof.This issue affects Snow Inventory Agent: through 6.14.5.
local
low complexity
snowsoftware CWE-290
5.5
2024-02-06 CVE-2024-22519 Authentication Bypass by Spoofing vulnerability in Sorenfriis Opendroneid OSM 3.5.1
An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via transmission of crafted data packets.
network
low complexity
sorenfriis CWE-290
8.2
2024-02-06 CVE-2024-22520 Authentication Bypass by Spoofing vulnerability in Dronetag Drone Scanner 1.5.2
An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets.
network
low complexity
dronetag CWE-290
8.2
2024-01-15 CVE-2023-4001 Authentication Bypass by Spoofing vulnerability in multiple products
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature.
low complexity
gnu redhat fedoraproject CWE-290
6.8
2024-01-12 CVE-2024-0454 Authentication Bypass by Spoofing vulnerability in EMC Elan Match-On-Chip FPR Solution Firmware 3.0.12011.08009/3.3.12011.08103
ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity. Version which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.
low complexity
emc CWE-290
6.1
2024-01-11 CVE-2023-51350 Authentication Bypass by Spoofing vulnerability in Ujcms 8.0.2
A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header.
network
low complexity
ujcms CWE-290
critical
9.8
2023-12-10 CVE-2023-50463 Authentication Bypass by Spoofing vulnerability in Caddyserver Caddy 0.5.0/0.5.1/0.6.0
The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions).
network
low complexity
caddyserver CWE-290
6.5
2023-11-22 CVE-2023-6263 Authentication Bypass by Spoofing vulnerability in Networkoptix Nxcloud
An issue was discovered by IPVM team in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server.
network
high complexity
networkoptix CWE-290
8.1
2023-11-08 CVE-2023-5801 Authentication Bypass by Spoofing vulnerability in Huawei Emui and Harmonyos
Vulnerability of identity verification being bypassed in the face unlock module.
network
low complexity
huawei CWE-290
critical
9.1