Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-05 | CVE-2019-19519 | Improper Authentication vulnerability in OpenBSD 6.6: In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c. | 7.8 |
2019-12-04 | CVE-2019-14909 | Improper Authentication vulnerability in Red Hat Keycloak 7.0.0/7.0.1: A vulnerability was found in Keycloak 7.x: when the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid, will be accepted. | 8.3 |
2019-12-02 | CVE-2019-19507 | Improper Authentication vulnerability in Json Pattern Validator Project Json Pattern Validator: In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. | 5.3 |
2019-12-02 | CVE-2019-12394 | Improper Authentication vulnerability in Anviz Management System: Anviz access control devices allow unverified password change, which allows remote attackers to change the administrator password without prior authentication. | 9.8 |
2019-11-29 | CVE-2019-5218 | Improper Authentication vulnerability in Huawei Band 2 Firmware and Band 3 Firmware: There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. | 8.8 |
2019-11-26 | CVE-2019-16201 | Improper Authentication vulnerability in multiple products: WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. | 7.5 |
2019-11-26 | CVE-2019-6675 | Improper Authentication vulnerability in F5 products: BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass. | 9.8 |
2019-11-26 | CVE-2019-14856 | Improper Authentication vulnerability in multiple products: ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None | 6.5 |
2019-11-26 | CVE-2019-15987 | Improper Authentication vulnerability in Cisco products: A vulnerability in the web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. | 5.3 |
2019-11-26 | CVE-2019-18250 | Improper Authentication vulnerability in ABB products: In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device. | 9.8 |