Vulnerabilities > Authentication Bypass by Spoofing
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-16 | CVE-2022-48469 | Authentication Bypass by Spoofing vulnerability in Huawei B535-232A Firmware 2.0.0.1 There is a traffic hijacking vulnerability in Huawei routers. | 6.5 |
| 2023-06-13 | CVE-2023-2807 | Authentication Bypass by Spoofing vulnerability in Pandorafms Pandora FMS Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without proper authentication. | 9.8 |
| 2023-06-12 | CVE-2022-36331 | Authentication Bypass by Spoofing vulnerability in Westerndigital products Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102. | 7.5 |
| 2023-06-02 | CVE-2023-25743 | Authentication Bypass by Spoofing vulnerability in Mozilla Firefox Focus A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug only affects Firefox Focus. | 7.5 |
| 2023-06-02 | CVE-2023-32207 | Authentication Bypass by Spoofing vulnerability in Mozilla Firefox A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. | 8.8 |
| 2023-04-15 | CVE-2022-47522 | Authentication Bypass by Spoofing vulnerability in multiple products The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. | 7.5 |
| 2023-03-27 | CVE-2023-0816 | Authentication Bypass by Spoofing vulnerability in Strategy11 Formidable Form Builder The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections. | 6.5 |
| 2023-02-27 | CVE-2022-4550 | Authentication Bypass by Spoofing vulnerability in User Activity Project User Activity The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing | 7.5 |
| 2023-02-08 | CVE-2022-47648 | Authentication Bypass by Spoofing vulnerability in Bosch B420 Firmware 02.02.0001 An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. | 8.8 |
| 2023-02-02 | CVE-2022-40269 | Authentication Bypass by Spoofing vulnerability in Mitsubishielectric Gt25 Firmware, Gt27 Firmware and GT Softgot2000 Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to disclose sensitive information from users' browsers or spoof legitimate users by abusing inappropriate HTML attributes. | 8.1 |