Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2019-11-14 CVE-2013-3072 Improper Authentication vulnerability in Netgear Wndr4700 Firmware 1.0.0.34
An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal.
network | low complexity | netgear | CWE-287 | critical | 9.8

2019-11-14 CVE-2019-11170 Improper Authentication vulnerability in Intel Baseboard Management Controller Firmware 2.09
Authentication bypass in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access.
local | low complexity | intel | CWE-287 | 7.8

2019-11-13 CVE-2013-3367 Improper Authentication vulnerability in Trendnet Tew-691Gr Firmware and Tew-692Gr Firmware
Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3.
network | low complexity | trendnet | CWE-287 | critical | 9.8

2019-11-13 CVE-2019-5233 Improper Authentication vulnerability in Huawei Taurus-Al00B Firmware 10.0.0.41(Sp2C00E41R3P2)
Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability.
network | low complexity | huawei | CWE-287 | 8.8

2019-11-12 CVE-2019-5213 Improper Authentication vulnerability in Huawei Honor Play Firmware 9.1.0.333(C00E333R1P1T8)/Cornellal00A9.0.0.156(C00E156R1P13T8)
Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability.
low complexity | huawei | CWE-287 | 2.4

2019-11-12 CVE-2019-18848 Improper Authentication vulnerability in multiple products
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.
network | low complexity | json-jwt-project debian | CWE-287 | 7.5

2019-11-06 CVE-2011-4628 Improper Authentication vulnerability in Typo3
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.
network | low complexity | typo3 | CWE-287 | critical | 9.8

2019-11-05 CVE-2019-8108 Improper Authentication vulnerability in Magento
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1.
network | low complexity | magento | CWE-287 | 6.5

2019-11-05 CVE-2013-5123 Improper Authentication vulnerability in multiple products
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
network | high complexity | pypa virtualenv fedoraproject redhat debian | CWE-287 | 5.9

2019-11-05 CVE-2019-1980 Improper Authentication vulnerability in Cisco products
A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections.
network | low complexity | cisco | CWE-287 | 5.3