Vulnerabilities > Authentication Bypass by Spoofing

DATE | CVE | VULNERABILITY TITLE | RISK

2022-02-24 | CVE-2022-21142 | Authentication Bypass by Spoofing vulnerability in Appleple A-Blog CMS | critical 9.8
Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under a specific condition.
network | low complexity | appleple | CWE-290

2022-02-11 | CVE-2022-24112 | Authentication Bypass by Spoofing vulnerability in Apache Apisix | critical 9.8
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API.
network | low complexity | apache | CWE-290

2022-01-13 | CVE-2022-23131 | Authentication Bypass by Spoofing vulnerability in Zabbix | critical 9.8
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified.
network | low complexity | zabbix | CWE-290

2021-12-15 | CVE-2021-42320 | Authentication Bypass by Spoofing vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server | 5.7
Microsoft SharePoint Server Spoofing Vulnerability
network | low complexity | microsoft | CWE-290

2021-12-07 | CVE-2021-40288 | Authentication Bypass by Spoofing vulnerability in Tp-Link Archer Ax10 Firmware 230220/230508 | 7.5
A denial-of-service attack in the WPA2 and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014 allows a remote unauthenticated attacker to disconnect an already connected wireless client by sending specific spoofed authentication frames with a wireless adapter.
network | low complexity | tp-link | CWE-290

2021-10-07 | CVE-2021-41130 | Authentication Bypass by Spoofing vulnerability in Google Extensible Service Proxy | 5.4
Extensible Service Proxy, a.k.a.
network | low complexity | google | CWE-290

2021-10-06 | CVE-2020-19003 | Authentication Bypass by Spoofing vulnerability in Liftoffsoftware Gate ONE 1.2.0 | 5.3
An issue in Gate One 1.2.0 allows attackers to bypass the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list.
network | low complexity | liftoffsoftware | CWE-290

2021-09-27 | CVE-2021-41753 | Authentication Bypass by Spoofing vulnerability in Dlink Dir-X1560 Firmware and Dir-X6060 Firmware | 7.5
A denial-of-service attack in the WPA2 and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client by sending specific spoofed SAE authentication frames.
network | low complexity | dlink | CWE-290

2021-09-13 | CVE-2021-40823 | Authentication Bypass by Spoofing vulnerability in Matrix Javascript SDK | 5.9
A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room.
network | high complexity | matrix | CWE-290

2021-09-13 | CVE-2021-40824 | Authentication Bypass by Spoofing vulnerability in Matrix Element and Matrix-Android-Sdk2 | 5.9
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room.
network | high complexity | matrix | CWE-290