Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-09 | CVE-2012-1258 | Improper Authentication vulnerability in Plixer Scrutinizer Netflow & Sflow Analyzer 5.0.2/8.6.2.16204 cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allows remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters. | 6.5 |
2020-01-09 | CVE-2020-1786 | Improper Authentication vulnerability in Huawei Mate 20 PRO Firmware HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerability. | 4.6 |
2020-01-09 | CVE-2020-1787 | Improper Authentication vulnerability in Huawei Mate 20 Firmware 9.0.0.195(C01E195R2P1)/9.0.0.205(C00E205R2P1)/9.1.0.131(C00E131R3P1) HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1) have an improper authentication vulnerability. | 6.6 |
2020-01-09 | CVE-2014-2651 | Improper Authentication vulnerability in Atos products Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface. | 9.8 |
2020-01-08 | CVE-2019-17023 | Improper Authentication vulnerability in multiple products After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. | 6.5 |
2020-01-08 | CVE-2019-19518 | Improper Authentication vulnerability in Broadcom CA Automic Sysload 5.6.0/6.1.2 CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands. | 9.8 |
2020-01-08 | CVE-2019-20360 | Improper Authentication vulnerability in Givewp A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. | 7.5 |
2020-01-07 | CVE-2013-5122 | Improper Authentication vulnerability in Cisco products Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open, which leads to unauthenticated access. | 9.8 |
2019-12-31 | CVE-2018-19834 | Improper Authentication vulnerability in Bombba Project Bombba The quaker function of a smart contract implementation for BOMBBA (BOMB), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. | 7.5 |
2019-12-31 | CVE-2018-19833 | Improper Authentication vulnerability in DDQ Project DDQ The owned function of a smart contract implementation for DDQ, a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. | 7.5 |