Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-23 | CVE-2019-12300 | Improper Authentication vulnerability in Buildbot Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. | 9.8 |
| 2019-05-22 | CVE-2019-6814 | Improper Authentication vulnerability in Schneider-Electric products A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI. | 9.8 |
| 2019-05-22 | CVE-2018-7847 | Improper Authentication vulnerability in Schneider-Electric products A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus. | 9.8 |
| 2019-05-22 | CVE-2019-8443 | Improper Authentication vulnerability in Atlassian Jira The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability. | 8.1 |
| 2019-05-16 | CVE-2019-10911 | Improper Authentication vulnerability in multiple products In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. | 7.5 |
| 2019-05-13 | CVE-2019-7218 | Improper Authentication vulnerability in Citrix Sharefile Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. | 5.9 |
| 2019-05-10 | CVE-2019-1867 | Improper Authentication vulnerability in Cisco Elastic Services Controller A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. | 10.0 |
| 2019-05-09 | CVE-2017-12778 | Improper Authentication vulnerability in Qbittorrent 3.3.15 The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\<username>\Roaming\qBittorrent pathname. | 7.1 |
| 2019-05-06 | CVE-2018-13990 | Improper Authentication vulnerability in Phoenixcontact products The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts. | 9.8 |
| 2019-05-03 | CVE-2019-1724 | Improper Authentication vulnerability in Cisco products A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. | 8.8 |