Vulnerabilities > Authentication Bypass by Spoofing

DATE CVE VULNERABILITY TITLE RISK
2023-06-19 CVE-2023-34167 Authentication Bypass by Spoofing vulnerability in Huawei Emui
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
network
low complexity
huawei CWE-290
5.3
2023-06-16 CVE-2022-48469 Authentication Bypass by Spoofing vulnerability in Huawei B535-232A Firmware 2.0.0.1
There is a traffic hijacking vulnerability in Huawei routers.
network
low complexity
huawei CWE-290
6.5
2023-06-13 CVE-2023-2807 Authentication Bypass by Spoofing vulnerability in Pandorafms Pandora FMS
Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without proper authentication.
network
low complexity
pandorafms CWE-290
critical
9.8
2023-06-12 CVE-2022-36331 Authentication Bypass by Spoofing vulnerability in Westerndigital products
Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.
network
low complexity
westerndigital CWE-290
7.5
2023-06-02 CVE-2023-25743 Authentication Bypass by Spoofing vulnerability in Mozilla Firefox Focus
A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug only affects Firefox Focus.
network
low complexity
mozilla CWE-290
7.5
2023-06-02 CVE-2023-32207 Authentication Bypass by Spoofing vulnerability in Mozilla Firefox
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions.
network
low complexity
mozilla CWE-290
8.8
2023-04-15 CVE-2022-47522 Authentication Bypass by Spoofing vulnerability in multiple products
The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context.
high complexity
ieee sonicwall CWE-290
7.5
2023-03-27 CVE-2023-0816 Authentication Bypass by Spoofing vulnerability in Strategy11 Formidable Form Builder
The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections.
network
low complexity
strategy11 CWE-290
6.5
2023-02-27 CVE-2022-4550 Authentication Bypass by Spoofing vulnerability in User Activity Project User Activity
The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing
network
low complexity
user-activity-project CWE-290
7.5
2023-02-08 CVE-2022-47648 Authentication Bypass by Spoofing vulnerability in Bosch B420 Firmware 02.02.0001
An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization.
low complexity
bosch CWE-290
8.8