Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2019-10-25 CVE-2016-2359 Improper Authentication vulnerability in Milesight IP Security Camera Firmware 20161114
Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource.
network | low complexity | milesight | CWE-287 | critical | 9.8
2019-10-16 CVE-2019-17627 Improper Authentication vulnerability in Yalehome Yale Bluetooth KEY
The Yale Bluetooth Key application for mobile devices allows unauthorized unlock actions by sniffing Bluetooth Low Energy (BLE) traffic during one authorized unlock action, and then calculating the authentication key via simple computations on the hex digits of a valid authentication request.
low complexity | yalehome | CWE-287 | 6.5
2019-10-10 CVE-2019-9531 Improper Authentication vulnerability in Cobham Explorer 710 Firmware 1.07
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454.
network | low complexity | cobham | CWE-287 | critical | 9.8
2019-10-09 CVE-2019-17372 Improper Authentication vulnerability in Netgear products
Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi.
network | high complexity | netgear | CWE-287 | 8.1
2019-10-08 CVE-2019-17134 Improper Authentication vulnerability in multiple products
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED.
network | low complexity | opendev, canonical | CWE-287 | critical | 9.1
2019-10-08 CVE-2019-16929 Improper Authentication vulnerability in Auth0 Auth0.Net
Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens.
network | low complexity | auth0 | CWE-287 | 7.5
2019-10-08 CVE-2019-13336 Improper Authentication vulnerability in Dbell Db01-S Firmware
The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attackers to launch commands with no authentication verification via TCP port 81, because the loginuse and loginpass parameters to openlock.cgi can have arbitrary values.
network | low complexity | dbell | CWE-287 | critical | 9.8
2019-09-27 CVE-2019-11733 Improper Authentication vulnerability in Mozilla Firefox
When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog.
network | low complexity | mozilla | CWE-287 | critical | 9.8
2019-09-25 CVE-2019-12664 Improper Authentication vulnerability in Cisco IOS XE 16.6.4
A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers (ISRs) could allow an unauthenticated, adjacent attacker to pass IPv4 traffic through an ISDN channel prior to successful PPP authentication.
network | low complexity | cisco | CWE-287 | 7.5
2019-09-24 CVE-2019-14239 Improper Authentication vulnerability in NXP products
On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by leveraging a load instruction inside the execute-only region to expose the protected code into a CPU register.
low complexity | nxp | CWE-287 | 6.6