Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2019-11-05 CVE-2019-1877 Improper Authentication vulnerability in Cisco Enterprise Chat and Email 11.6(1)Es9
A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions.
network
low complexity
cisco CWE-287
6.5
2019-11-02 CVE-2019-18661 Improper Authentication vulnerability in Fastweb Fastgate Firmware 1.0.1B
Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1.
network
low complexity
fastweb CWE-287
7.5
2019-10-31 CVE-2018-4064 Improper Authentication vulnerability in Sierrawireless Airlink Es450 Firmware 4.9.3
An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
network
low complexity
sierrawireless CWE-287
7.1
2019-10-30 CVE-2013-1391 Improper Authentication vulnerability in multiple products
Authentication bypass vulnerability in the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration.
network
low complexity
huntcctv capturecctv hachi novuscctv vsp CWE-287
7.5
2019-10-25 CVE-2016-2359 Improper Authentication vulnerability in Milesight IP Security Camera Firmware 20161114
Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource.
network
low complexity
milesight CWE-287
critical
9.8
2019-10-16 CVE-2019-17627 Improper Authentication vulnerability in Yalehome Yale Bluetooth KEY
The Yale Bluetooth Key application for mobile devices allows unauthorized unlock actions by sniffing Bluetooth Low Energy (BLE) traffic during one authorized unlock action, and then calculating the authentication key via simple computations on the hex digits of a valid authentication request.
low complexity
yalehome CWE-287
6.5
2019-10-10 CVE-2019-9531 Improper Authentication vulnerability in Cobham Explorer 710 Firmware 1.07
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454.
network
low complexity
cobham CWE-287
critical
9.8
2019-10-09 CVE-2019-17372 Improper Authentication vulnerability in Netgear products
Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi.
network
high complexity
netgear CWE-287
8.1
2019-10-08 CVE-2019-17134 Improper Authentication vulnerability in multiple products
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED.
network
low complexity
opendev canonical CWE-287
critical
9.1
2019-10-08 CVE-2019-16929 Improper Authentication vulnerability in Auth0 Auth0.Net
Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens.
network
low complexity
auth0 CWE-287
7.5