Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2019-07-10 CVE-2019-10966 Improper Authentication vulnerability in GE products
In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms.
network
low complexity
ge CWE-287
5.3
2019-07-08 CVE-2019-9629 Improper Authentication vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials).
network
low complexity
sonatype CWE-287
critical
9.8
2019-07-05 CVE-2019-5964 Improper Authentication vulnerability in Idoors Reader 2.10.17
iDoors Reader 2.10.17 and earlier allows an attacker on the same network segment to bypass authentication to access the management console and operate the product via unspecified vectors.
low complexity
idoors CWE-287
8.8
2019-07-03 CVE-2019-12845 Improper Authentication vulnerability in Jetbrains Teamcity
The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts.
network
low complexity
jetbrains CWE-287
5.3
2019-07-03 CVE-2018-11426 Improper Authentication vulnerability in Moxa products
A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior.
network
low complexity
moxa CWE-287
critical
9.8
2019-07-02 CVE-2017-8405 Improper Authentication vulnerability in Dlink Dcs-1100 Firmware and Dcs-1130 Firmware
An issue was discovered on D-Link DCS-1130 and DCS-1100 devices.
network
low complexity
dlink CWE-287
7.5
2019-07-01 CVE-2019-7666 Improper Authentication vulnerability in Primasystems Flexair 2.3.38
Prima Systems FlexAir, Versions 2.3.38 and prior.
network
low complexity
primasystems CWE-287
8.8
2019-06-28 CVE-2018-14868 Improper Authentication vulnerability in Odoo 9.0
Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current password via a crafted RPC call.
network
low complexity
odoo CWE-287
6.5
2019-06-27 CVE-2018-15556 Improper Authentication vulnerability in Actiontec Web6000Q Firmware 1.1.02.22
The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers.
network
low complexity
actiontec CWE-287
critical
9.8
2019-06-27 CVE-2019-7226 Improper Authentication vulnerability in ABB Pb610 Panel Builder 600 Firmware 1.91/2.8.0.367
The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions.
low complexity
abb CWE-287
8.8