Total
420 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-11701 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-11-27 | 4.3 Medium |
| The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133. | ||||
| CVE-2023-29147 | 1 Malwarebytes | 2 Endpoint Detection And Response, Malwarebytes | 2024-11-26 | 5.5 Medium |
| In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier. | ||||
| CVE-2023-22814 | 1 Westerndigital | 12 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 9 more | 2024-11-26 | 10 Critical |
| An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202. | ||||
| CVE-2023-4001 | 3 Fedoraproject, Gnu, Redhat | 4 Fedora, Grub2, Enterprise Linux and 1 more | 2024-11-24 | 6.8 Medium |
| An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package. | ||||
| CVE-2023-20256 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-11-21 | 5 Medium |
| Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that would should be protected. | ||||
| CVE-2024-39337 | 2024-11-21 | 6.5 Medium | ||
| Click Studios Passwordstate Core before 9.8 build 9858 allows Authentication Bypass. | ||||
| CVE-2024-36588 | 2024-11-21 | 6.5 Medium | ||
| An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP request. | ||||
| CVE-2024-8386 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Enterprise Linux and 5 more | 2024-11-21 | 6.1 Medium |
| If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. | ||||
| CVE-2024-6678 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 9.9 Critical |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances. | ||||
| CVE-2024-6163 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 5.3 Medium |
| Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data | ||||
| CVE-2024-51504 | 1 Apache | 1 Zookeeper | 2024-11-21 | 9.1 Critical |
| When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which uses HTTP request headers, is weak and allows an attacker to bypass authentication via spoofing client's IP address in request headers. Default configuration honors X-Forwarded-For HTTP header to read client's IP address. X-Forwarded-For request header is mainly used by proxy servers to identify the client and can be easily spoofed by an attacker pretending that the request comes from a different IP address. Admin Server commands, such as snapshot and restore arbitrarily can be executed on successful exploitation which could potentially lead to information leakage or service availability issues. Users are recommended to upgrade to version 3.9.3, which fixes this issue. | ||||
| CVE-2024-39350 | 2024-11-21 | 7.5 High | ||
| A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. | ||||
| CVE-2024-37430 | 2024-11-21 | 5.3 Medium | ||
| Authentication Bypass by Spoofing vulnerability in Patreon Patreon WordPress allows Functionality Misuse.This issue affects Patreon WordPress: from n/a through 1.9.0. | ||||
| CVE-2024-37082 | 2024-11-21 | 9.1 Critical | ||
| When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications. You are affected if you have route-services enabled in routing-release and have configured the haproxy-boshrelease property “ha_proxy.forwarded_client_cert” to “forward_only_if_route_service”. | ||||
| CVE-2024-35749 | 1 Acurax | 1 Under Construction \/ Maintenance Mode | 2024-11-21 | 3.7 Low |
| Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass.This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through 2.6. | ||||
| CVE-2024-34397 | 1 Redhat | 2 Enterprise Linux, Service Interconnect | 2024-11-21 | 5.2 Medium |
| An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. | ||||
| CVE-2024-33917 | 2024-11-21 | 5.3 Medium | ||
| Authentication Bypass by Spoofing vulnerability in webtechideas WTI Like Post allows Functionality Bypass.This issue affects WTI Like Post: from n/a through 1.4.6. | ||||
| CVE-2024-33531 | 2024-11-21 | 8.1 High | ||
| cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM. | ||||
| CVE-2024-32827 | 1 Rafflepress | 1 Giveaways And Contests By Rafflepress | 2024-11-21 | 5.3 Medium |
| Authentication Bypass by Spoofing vulnerability in RafflePress Giveaways and Contests allows Functionality Bypass.This issue affects Giveaways and Contests: from n/a through 1.12.7. | ||||
| CVE-2024-32786 | 1 Wproyal | 1 Royal Elementor Addons And Templates | 2024-11-21 | 5.3 Medium |
| Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows Functionality Bypass.This issue affects Royal Elementor Addons: from n/a through 1.3.93. | ||||