Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-19 | CVE-2019-2018 | Improper Authentication vulnerability in Google Android 8.1/9.0 In resetPasswordInternal of DevicePolicyManagerService.java, there is a possible bypass of password reset protection due to an unusual root cause. | 8.8 |
2019-06-19 | CVE-2019-11232 | Improper Authentication vulnerability in EIC Biyan 1.57/2.8 EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information (Password) without being authenticated, by sending an EMP_NO element to the kws_login/asp/query_user.asp URI, and then reading the PWD element. | 9.8 |
2019-06-18 | CVE-2018-18877 | Improper Authentication vulnerability in Columbiaweather Weather Microserver Firmware Ms2.6.9900 In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device. | 8.8 |
2019-06-18 | CVE-2019-10998 | Improper Authentication vulnerability in Phoenixcontact products An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. | 6.8 |
2019-06-17 | CVE-2017-9389 | Improper Authentication vulnerability in Getvera Veraedge Firmware and Veralite Firmware An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. | 8.8 |
2019-06-17 | CVE-2017-9383 | Improper Authentication vulnerability in Getvera Veraedge Firmware and Veralite Firmware An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. | 9.9 |
2019-06-17 | CVE-2019-7579 | Improper Authentication vulnerability in Linksys Wrt1900Acs Firmware 1.0.3.187766 An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. | 7.5 |
2019-06-12 | CVE-2019-10157 | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . | 5.5 |
2019-06-07 | CVE-2018-19999 | Improper Authentication vulnerability in Solarwinds Serv-U FTP Server 15.1.6.25 The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. | 7.8 |
2019-06-05 | CVE-2019-1842 | Improper Authentication vulnerability in Cisco IOS XR Firmware A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. | 5.4 |