Total
333 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27964 | 1 Apple | 1 Airpods Firmware | 2024-08-02 | 5.4 Medium |
| An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones. | ||||
| CVE-2023-25743 | 2 Mozilla, Redhat | 6 Firefox Focus, Enterprise Linux, Rhel Aus and 3 more | 2024-08-02 | 7.5 High |
| A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. | ||||
| CVE-2023-22814 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2024-08-02 | 10 Critical |
| An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202. | ||||
| CVE-2023-22474 | 1 Parseplatform | 1 Parse-server | 2024-08-02 | 8.7 High |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request header `x-forwarded-for` to determine the client IP address. If Parse Server doesn't run behind a proxy server, then a client can set this header and Parse Server will trust the value of the header. The incorrect client IP address will be used by various features in Parse Server. This allows to circumvent the security mechanism of the Parse Server option `masterKeyIps` by setting an allowed IP address as the `x-forwarded-for` header value. This issue has been patched in version 5.4.1. The mechanism to determine the client IP address has been rewritten. The correct IP address determination now requires to set the Parse Server option `trustProxy`. | ||||
| CVE-2023-21794 | 1 Microsoft | 1 Edge Chromium | 2024-08-02 | 4.3 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2023-20256 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-08-02 | 5 Medium |
| Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that would should be protected. | ||||
| CVE-2023-20245 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-08-02 | 5.8 Medium |
| Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that would should be protected. | ||||
| CVE-2023-7169 | 1 Snowsoftware | 1 Snow Inventory Agent | 2024-08-02 | 6 Medium |
| Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof.This issue affects Snow Inventory Agent: through 6.14.5. Customers advised to upgrade to version 7.0 | ||||
| CVE-2023-6263 | 1 Networkoptix | 1 Nxcloud | 2024-08-02 | 8.3 High |
| An issue was discovered by IPVM team in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As result, it was possible to retrieve authorization headers from legitimate users when the legitimate client connects to the fake VMS server. | ||||
| CVE-2023-6044 | 1 Lenovo | 1 Vantage | 2024-08-02 | 6.3 Medium |
| A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges. | ||||
| CVE-2023-4566 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 7.5 High |
| Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-3243 | 1 Honeywell | 2 Alerton Bcm-web, Alerton Bcm-web Firmware | 2024-08-02 | 8.3 High |
| ** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a supported product such as Alerton ACM.] Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. | ||||
| CVE-2023-3103 | 1 Unitree | 2 A1, A1 Firmware | 2024-08-02 | 8 High |
| Authentication bypass vulnerability, the exploitation of which could allow a local attacker to perform a Man-in-the-Middle (MITM) attack on the robot's camera video stream. In addition, if a MITM attack is carried out, it is possible to consume the robot's resources, which could lead to a denial-of-service (DOS) condition. | ||||
| CVE-2023-3128 | 2 Grafana, Redhat | 3 Grafana, Ceph Storage, Enterprise Linux | 2024-08-02 | 9.4 Critical |
| Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. | ||||
| CVE-2023-2887 | 1 Cbot | 2 Cbot Core, Cbot Panel | 2024-08-02 | 9.8 Critical |
| Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | ||||
| CVE-2023-2807 | 1 Pandorafms | 1 Pandora Fms | 2024-08-02 | 6.4 Medium |
| Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without proper authentication. This issue affects PandoraFMS v771 and prior versions on all platforms. | ||||
| CVE-2023-0816 | 1 Strategy11 | 1 Formidable Form Builder | 2024-08-02 | 6.5 Medium |
| The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections. | ||||
| CVE-2024-39350 | 2024-08-02 | 7.5 High | ||
| A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. | ||||
| CVE-2024-37430 | 2024-08-02 | 5.3 Medium | ||
| Authentication Bypass by Spoofing vulnerability in Patreon Patreon WordPress allows Functionality Misuse.This issue affects Patreon WordPress: from n/a through 1.9.0. | ||||
| CVE-2024-37082 | 2024-08-02 | 9.1 Critical | ||
| When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications. You are affected if you have route-services enabled in routing-release and have configured the haproxy-boshrelease property “ha_proxy.forwarded_client_cert” to “forward_only_if_route_service”. | ||||