Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-02 | CVE-2018-1987 | Improper Authentication vulnerability in IBM Data Protection IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. | 7.8 |
| 2019-08-01 | CVE-2016-10826 | Improper Authentication vulnerability in Cpanel cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93). | 8.8 |
| 2019-08-01 | CVE-2018-20937 | Improper Authentication vulnerability in Cpanel cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). | 4.3 |
| 2019-08-01 | CVE-2016-10835 | Improper Authentication vulnerability in Cpanel cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107). | 4.3 |
| 2019-08-01 | CVE-2016-10833 | Improper Authentication vulnerability in Cpanel cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104). | 7.5 |
| 2019-08-01 | CVE-2016-10832 | Improper Authentication vulnerability in Cpanel cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102). | 6.5 |
| 2019-08-01 | CVE-2016-10831 | Improper Authentication vulnerability in Cpanel cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101). | 7.2 |
| 2019-08-01 | CVE-2018-20924 | Improper Authentication vulnerability in Cpanel cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378). | 5.5 |
| 2019-08-01 | CVE-2016-10836 | Improper Authentication vulnerability in Cpanel cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108). | 6.5 |
| 2019-08-01 | CVE-2018-20888 | Improper Authentication vulnerability in Cpanel cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424). | 5.5 |