Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-10 | CVE-2019-1867 | Improper Authentication vulnerability in Cisco Elastic Services Controller A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. | 10.0 |
| 2019-05-09 | CVE-2017-12778 | Improper Authentication vulnerability in Qbittorrent 3.3.15 The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\<username>\Roaming\qBittorrent pathname. | 7.1 |
| 2019-05-06 | CVE-2018-13990 | Improper Authentication vulnerability in Phoenixcontact products The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts. | 9.8 |
| 2019-05-03 | CVE-2019-1724 | Improper Authentication vulnerability in Cisco products A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. | 8.8 |
| 2019-04-30 | CVE-2019-3927 | Improper Authentication vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. | 9.8 |
| 2019-04-28 | CVE-2019-11576 | Improper Authentication vulnerability in Gitea Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. | 9.8 |
| 2019-04-25 | CVE-2019-11488 | Improper Authentication vulnerability in Simplybook Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from the browser history. | 8.1 |
| 2019-04-25 | CVE-2018-16219 | Improper Authentication vulnerability in Audiocodes 405Hd Firmware 2.2.12 A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an remote attacker (in the same network as the device) to change the admin password without authentication via a POST request. | 8.8 |
| 2019-04-24 | CVE-2019-11081 | Improper Authentication vulnerability in Dentsplysirona Sidexis 4.2 A default username and password in Dentsply Sirona Sidexis 4.3.1 and earlier allows an attacker to gain administrative access to the application server. | 9.8 |
| 2019-04-23 | CVE-2018-1317 | Improper Authentication vulnerability in Apache Zeppelin In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication. | 8.8 |