Vulnerabilities > Improper Authentication
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-30 | CVE-2019-3927 | Improper Authentication vulnerability in Crestron Am-100 Firmware and Am-101 Firmware: On Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2, anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. | 9.8 |
2019-04-28 | CVE-2019-11576 | Improper Authentication vulnerability in Gitea: Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. | 9.8 |
2019-04-25 | CVE-2019-11488 | Improper Authentication vulnerability in Simplybook: Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from the browser history. | 8.1 |
2019-04-25 | CVE-2018-16219 | Improper Authentication vulnerability in Audiocodes 405Hd Firmware 2.2.12: A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows a remote attacker (in the same network as the device) to change the admin password without authentication via a POST request. | 8.8 |
2019-04-24 | CVE-2019-11081 | Improper Authentication vulnerability in Dentsplysirona Sidexis 4.2: A default username and password in Dentsply Sirona Sidexis 4.3.1 and earlier allows an attacker to gain administrative access to the application server. | 9.8 |
2019-04-23 | CVE-2018-1317 | Improper Authentication vulnerability in Apache Zeppelin: In Apache Zeppelin prior to 0.8.0, the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication. | 8.8 |
2019-04-22 | CVE-2019-11234 | Improper Authentication vulnerability in multiple products: FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. | 9.8 |
2019-04-18 | CVE-2019-11015 | Improper Authentication vulnerability in Miui 10.1.3.0: A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials (partially). | 6.8 |
2019-04-17 | CVE-2018-0382 | Improper Authentication vulnerability in Cisco Wireless LAN Controller Software 8.1(111.0)/8.5(120.0): A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. | 7.5 |
2019-04-17 | CVE-2019-10643 | Improper Authentication vulnerability in Contao CMS 4.7.0: Contao 4.7 allows Use of a Key Past its Expiration Date. | 9.8 |