Vulnerabilities > Authentication Bypass by Spoofing
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-02 | CVE-2022-40269 | Authentication Bypass by Spoofing vulnerability in Mitsubishielectric Gt25 Firmware, Gt27 Firmware and GT Softgot2000 Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to disclose sensitive information from users' browsers or spoof legitimate users by abusing inappropriate HTML attributes. | 8.1 |
2023-01-23 | CVE-2022-4303 | Authentication Bypass by Spoofing vulnerability in Ciphercoin WP Limit Login Attempts The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms. | 7.5 |
2023-01-23 | CVE-2022-4746 | Authentication Bypass by Spoofing vulnerability in Wpmanageninja Fluentauth The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin. | 7.5 |
2022-12-22 | CVE-2022-31738 | Authentication Bypass by Spoofing vulnerability in Mozilla Firefox When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. | 6.5 |
2022-12-05 | CVE-2022-41798 | Authentication Bypass by Spoofing vulnerability in Kyocera products Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. | 6.5 |
2022-11-03 | CVE-2022-38712 | Authentication Bypass by Spoofing vulnerability in IBM Websphere Application Server "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. | 5.9 |
2022-10-17 | CVE-2022-42983 | Authentication Bypass by Spoofing vulnerability in Anji-Plus Aj-Report 0.9.8.6 anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens. | 8.8 |
2022-10-12 | CVE-2022-0030 | Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Pan-Os An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions. | 8.1 |
2022-09-27 | CVE-2021-27854 | Authentication Bypass by Spoofing vulnerability in multiple products Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse. | 4.7 |
2022-09-27 | CVE-2021-27861 | Authentication Bypass by Spoofing vulnerability in multiple products Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers) | 4.7 |