Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-05 | CVE-2019-15897 | Improper Authentication vulnerability in Thinkparq Beegfs 7.1.3. beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Bypass via communication with a BeeGFS metadata server (which is typically not exposed to external networks). | 9.6 |
2019-12-05 | CVE-2019-17437 | Improper Authentication vulnerability in Paloaltonetworks Pan-Os. An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. | 7.8 |
2019-12-05 | CVE-2019-19598 | Improper Authentication vulnerability in Dlink Dap-1860 Firmware 1.01B06/1.02B01/1.04B01. D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. | 8.8 |
2019-12-05 | CVE-2019-19521 | Improper Authentication vulnerability in Openbsd 6.6. libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. | 9.8 |
2019-12-05 | CVE-2019-19519 | Improper Authentication vulnerability in Openbsd 6.6. In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c. | 7.8 |
2019-12-04 | CVE-2019-14909 | Improper Authentication vulnerability in Redhat Keycloak 7.0.0/7.0.1. A vulnerability was found in Keycloak 7.x where, if the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid, will be accepted. | 8.3 |
2019-12-02 | CVE-2019-19507 | Improper Authentication vulnerability in Json Pattern Validator Project Json Pattern Validator. In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. | 5.3 |
2019-12-02 | CVE-2019-12394 | Improper Authentication vulnerability in Anviz Management System. Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication. | 9.8 |
2019-11-29 | CVE-2019-5218 | Improper Authentication vulnerability in Huawei Band 2 Firmware and Band 3 Firmware. There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. | 8.8 |
2019-11-26 | CVE-2019-16201 | Improper Authentication vulnerability in multiple products. WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. | 7.5 |