Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-10 | CVE-2019-10966 | Improper Authentication vulnerability in GE products In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms. | 5.3 |
| 2019-07-08 | CVE-2019-9629 | Improper Authentication vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials). | 9.8 |
| 2019-07-05 | CVE-2019-5964 | Improper Authentication vulnerability in Idoors Reader 2.10.17 iDoors Reader 2.10.17 and earlier allows an attacker on the same network segment to bypass authentication to access the management console and operate the product via unspecified vectors. | 8.8 |
| 2019-07-03 | CVE-2019-12845 | Improper Authentication vulnerability in Jetbrains Teamcity The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. | 5.3 |
| 2019-07-03 | CVE-2018-11426 | Improper Authentication vulnerability in Moxa products A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. | 9.8 |
| 2019-07-02 | CVE-2017-8405 | Improper Authentication vulnerability in Dlink Dcs-1100 Firmware and Dcs-1130 Firmware An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. | 7.5 |
| 2019-07-01 | CVE-2019-7666 | Improper Authentication vulnerability in Primasystems Flexair 2.3.38 Prima Systems FlexAir, Versions 2.3.38 and prior. | 8.8 |
| 2019-06-28 | CVE-2018-14868 | Improper Authentication vulnerability in Odoo 9.0 Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current password via a crafted RPC call. | 6.5 |
| 2019-06-27 | CVE-2018-15556 | Improper Authentication vulnerability in Actiontec Web6000Q Firmware 1.1.02.22 The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers. | 9.8 |
| 2019-06-27 | CVE-2019-7226 | Improper Authentication vulnerability in ABB Pb610 Panel Builder 600 Firmware 1.91/2.8.0.367 The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. | 8.8 |