Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-08 | CVE-2019-13336 | Improper Authentication vulnerability in Dbell Db01-S Firmware. The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attackers to launch commands with no authentication verification via TCP port 81, because the loginuse and loginpass parameters to openlock.cgi can have arbitrary values. | 9.8 |
2019-09-27 | CVE-2019-11733 | Improper Authentication vulnerability in Mozilla Firefox. When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. | 9.8 |
2019-09-25 | CVE-2019-12664 | Improper Authentication vulnerability in Cisco IOS XE 16.6.4. A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers (ISRs) could allow an unauthenticated, adjacent attacker to pass IPv4 traffic through an ISDN channel prior to successful PPP authentication. | 7.5 |
2019-09-24 | CVE-2019-14239 | Improper Authentication vulnerability in NXP products. On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by leveraging a load instruction inside the execute-only region to expose the protected code into a CPU register. | 6.6 |
2019-09-24 | CVE-2019-14238 | Improper Authentication vulnerability in ST products. On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITCM) bus. | 6.6 |
2019-09-17 | CVE-2019-6832 | Improper Authentication vulnerability in Schneider-Electric Spacelynk Firmware and Wiser for KNX Firmware. A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication. | 8.3 |
2019-09-17 | CVE-2016-10983 | Improper Authentication vulnerability in Ghost. The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data. | 6.5 |
2019-09-12 | CVE-2019-16261 | Improper Authentication vulnerability in Tripplite Pdumh15At Firmware 12.04.0053. Tripp Lite PDUMH15AT 12.04.0053 devices allow unauthenticated POST requests to the /Forms/ directory, as demonstrated by changing the manager or admin password, or shutting off power to an outlet. | 9.1 |
2019-09-11 | CVE-2019-16250 | Improper Authentication vulnerability in Oceanwp Ocean Extra. includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets (CSS) token sequence. | 7.5 |
2019-09-09 | CVE-2019-16190 | Improper Authentication vulnerability in Dlink products. SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php. | 9.8 |